Saik0Shinigami

joined 2 years ago

I was testing a 2FA-based one the other week and Jellyfin was the service I decided to test with. Ultimately didn't like it so I rolled it back. I'd have to go look it up to get you a name.

Look at the rest of this thread though... many people are just fine with "this is FUD, I'm going to keep doing it!"

Still, posts like this raise awareness of the problem.

[–] Saik0Shinigami@lemmy.saik0.com 1 points 2 hours ago (1 children)

There is no authentication occurring. There is no "hacking" here. Nothing about scanners or bots scraping unauthenticated endpoints is illegal. This would be admissible.

[–] Saik0Shinigami@lemmy.saik0.com 6 points 10 hours ago* (last edited 10 hours ago)

No. None of the items are closed. Click the "closed" items. All of them are "Not planned. Duplicate, see 5415".

Edit: The biggest issue of unauthenticated streaming of content... https://github.com/jellyfin/jellyfin/issues/13777

Last opened last week. Closed as duplicate. It's unaddressed completely.

[–] Saik0Shinigami@lemmy.saik0.com 3 points 10 hours ago (4 children)

Keeping that copy on a web-accessible platform that is accessible by anyone on the internet (unauthenticated) isn't covered by your rights at a bare minimum.

Depending on the content "timing" if they trigger on something that doesn't have a physical/consumer release yet... or all sorts of other "impossible" conditions. This is obviously reliant on what content you actually have on your server.

It's still something regardless that it's best not to invite.

[–] Saik0Shinigami@lemmy.saik0.com 1 points 10 hours ago (2 children)

Oh, sure enough. Basic auth breaks the login function. I didn't test it myself and didn't think that it wouldn't work for basic auth. I've put other auths in front of it and it works. So it's not completely "misinformation". Just annoying that the easiest, most basic form of auth won't work.

[–] Saik0Shinigami@lemmy.saik0.com 3 points 10 hours ago

Probably not. But depending on how it's configured it could still be a gamble/risk. A rate limiting setup can mitigate it a lot.

[–] Saik0Shinigami@lemmy.saik0.com 1 points 10 hours ago

Having it publicly accessible on a web server is distribution. And that normally IS a crime unless you have some licenses to do so.

[–] Saik0Shinigami@lemmy.saik0.com 1 points 10 hours ago

No... that's the point of this thread. There is no requirement to log in in order to manually access endpoints. Up to and including pulling video data.
