Comment on Important Notice of Security Incident
MaggiWuerze@feddit.org 2 months agoPlex has a whole team dedicated to security. It’s obviously not perfect and it is a larger attack surface than Jellyfin, but I’ll take that any day over devs who treat security as an afterthought
Orygin@sh.itjust.works 2 months ago
You mean the security team that got pwned here?
MaggiWuerze@feddit.org 2 months ago
Still better to have a team to react to this incident than just have them shrug and ignore it for 5 years
AmbiguousProps@lemmy.today 2 months ago
What about the pwned users of Jellyfin that have unknowingly had security holes because Jellyfin doesn’t care enough to even put a banner in their settings to say it’s not secure?
emax_gomax@lemmy.world 2 months ago
What security holes? I think the bigger problem here is relying on a media platform to also maintain security protocols. Use authelia or plug some other well maintained and hardened security mechanism on top of jellyfin. Then put it in front of everything else like the arrs, etc. Its weird to me to just setup jellyfin, make it Internet facing, and believing everything is just gonna be safe and secure with no issue. Frankly id prefer if all these services came without security. Its a royal pain to bypass it for localhost or proxying with something like authelia.
AmbiguousProps@lemmy.today 2 months ago
Huh? Did you even read the whole thread? They’re linker above.