Security flaw or a feature?

Post by thenicnet » Tue May 08, 2012 9:10 pm

I found that you can force a player to play in a browser or a media player by simply putting this in your browser:
http://YOURSERVERHERE.com:4040/stream?p ... uffix=.mp3

This seems like it could be a pretty big flaw, because even if I don't guess the player number correctly, it'll default to another.
Thoughts on this? Is there a way to disable this?

Re: Security flaw or a feature?

Post by lovebags » Tue May 15, 2012 1:19 pm

Ah yes, so it does, interesting find. For me, on a Mac 10.7.4 on Safari, it loads the song from the start into a non-controllable player in the browser (except for a pause button). It doesn't give away any more information than what current authenticated users can't find out within the status section, but does completely bypass our LDAP authentication which we use (but so do 'shared' links, so must be working on a similar level). For an outside user, they would need to know this URL plus put in a player number in order to hear a song someone happens to be playing. I guess it could be seen as both a feature and a flaw at the same time?