This needs to be copypasta’d as a reply to every comment suggesting that opening up jellyfin to the internet is easy and everyone should do it to get away from Plex.
Comment on What's the security situation when opening a jellyfin server up for casting?
mic_check_one_two@lemmy.dbzer0.com 1 week agoAlso, don’t use the default “data/media/{library name}” (or whatever the suggested format is) folder setup that the Trash Guide has you set up. At least change the “tv”, “movies”, etc name to something different. Jellyfin has a known vulnerability where an attacker can get access to media without valid credentials if they already know the file path. Jellyfin devs have stated that they have no intention of ever fixing this, because it would require completely divesting from the Kodi branch that everything is built on. And since everyone follows the Trash Guide to set their *Arr stack and library up, guessing file paths is laughably easy.
You’re using the suggested file naming in your *Arr stack, so Jellyfin can automatically match media? Congrats, so is everyone else. You’re using the suggested folder layout so your *Arr stack can use hardlinks? Congrats, so is everyone else. At least change the library folder names. Since your library folder doesn’t need to match the name of your Jellyfin library, you can literally have your “tv”, “movies”, and other folders be named whatever you want. Hell, name your tv folder “peepee” and your movies folder “poopoo” for all I care.
Wolf314159@startrek.website 1 week ago
planish@sh.itjust.works 1 week ago
That certainly sounds like a thing you would want, nay need, to fix.
victorz@lemmy.world 1 week ago
This sounds like a blocker for me to not switch to Jellyfin… What else is in there that’s equally severe?