Comment on Plex got hacked.
BackgrndNoize@lemmy.world 2 weeks agoStuff like this can happen to any app, developers are only human, shit happens, but the bigger a company is, the bigger target it becomes, so there is some saftey in an open source app that’s not as popular, but then again a bigger company also has more resources to monitor for security breaches and quickly address them and push out a hot fix, can’t say I know how this works for smaller free open source apps
Sneptaur@pawb.social 2 weeks ago
I think the point here is that Jellyfin doesn’t have a centralized login or website like Plex does. An attacker would have to know about your server and log into it directly to get access. If you run it in a container, there isn’t a lot they can do other than trashing your media library, which you should have protected with filesystem snapshots anyway.
purplemonkeymad@programming.dev 2 weeks ago
Jellyfin doesn’t even have write access to my files. If they can get access into the container’s process then I guess they could add stuff to the web interface which could contain bad stuff.
Sneptaur@pawb.social 2 weeks ago
That’s also a viable solution, but for me I just use Btrfs snapshots on my NAS. My files are stored on a different device and the Jellyfin container only sees them as a mounted dir, not even aware that it’s an SMB mount.