Subsonic Forum

[aaarkhipov]

Hi.

If I enter the URL like this into the browser

https://server:4041/videoPlayer.view?pa ... 362e6d7034

it asks no login/password and opens the media player.

Is it design issue or configuration issue?

Thanks,

Andrei.

[toolman]

Hi,
I would say it's no configuration issue but a design issue.
But I am not too worried about it, because what are the chances that a complete stranger would come up with a randomly typed url like the one you posted?
Further you need to consider if you copied that url from a subsonic session that you logged into properly.( Meaning you logged in with valid credentials)
Was that session still open on your computer when you pasted that into another instance of your browser?
If that's so, then yes you get acces.

[aaarkhipov]

Well, the problem is not that someone will type in random URL and ends-up in my subsonic library. The problem is that I want to share this link with my colleague saving him troubles to navigate through the collections to the specific media. But as soon as the link is passed to someone else, you never know where it ends up. If Subsonic verifies only top-level URL, then it might be problem leaving a backdoor.

Andrei.