Access to media without loign/password?
Posted:
Sun Aug 05, 2012 9:20 pmby aaarkhipov
Hi.
If I enter the URL like this into the browser
https://server:4041/videoPlayer.view?pa ... 362e6d7034 it asks no login/password and opens the media player.
Is it design issue or configuration issue?
Thanks,
Andrei.
Re: Access to media without loign/password?
Posted:
Thu Aug 09, 2012 8:29 pmby toolman
Hi,
I would say it's no configuration issue but a design issue.
But I am not too worried about it, because what are the chances that a complete stranger would come up with a randomly typed url like the one you posted?
Further you need to consider if you copied that url from a subsonic session that you logged into properly.( Meaning you logged in with valid credentials)
Was that session still open on your computer when you pasted that into another instance of your browser?
If that's so, then yes you get acces.
Re: Access to media without loign/password?
Posted:
Wed Aug 15, 2012 10:52 amby aaarkhipov
Well, the problem is not that someone will type in random URL and ends-up in my subsonic library. The problem is that I want to share this link with my colleague saving him troubles to navigate through the collections to the specific media. But as soon as the link is passed to someone else, you never know where it ends up. If Subsonic verifies only top-level URL, then it might be problem leaving a backdoor.
Andrei.