The issue:
In settings>users I have disallowed downloading from my subsonic server for each individual user account, only my admin account has downloading allowed. When users other than myself log on to their accounts via web browser, this functions correctly.
However, if users log on to their account via the android application, then they are able to download songs off of my subsonic server. The option to "Save on Phone" (which results in a green star meaning the file is saved as an mp3) rather than queue/cache (orange star, saved as a temp file) is always available on their phone.
Subsonic 4.1 beta on windows 7 x64
recreated in android app v1.7: nexus 1, mytouch 3g & HTC G1
untested with other apps (ie. air or iphone)
ps. I loooove subsonic, thank you Sindre I use it everyday!
pps. I lurked/searched these forums but I did not find any resolution or acknowledgment of the issue, I apologize in advance if this is a repost.
Security flaw or by design?
Moderator: moderators
2 posts
• Page 1 of 1
Security flaw or by design?
by jtripper » Tue Aug 31, 2010 2:40 am
- jtripper
- Posts: 2
- Joined: Tue Aug 31, 2010 2:00 am
by sindre_mehus » Tue Aug 31, 2010 6:11 am
Hi mate,
This behavior is by design. The song is saved in either case, the difference is just that the "Save to phone" saves it permanently (or until the user explicitly deletes it).
I guess (hope?) that most users are comfortable with this.
Thanks
Sindre
This behavior is by design. The song is saved in either case, the difference is just that the "Save to phone" saves it permanently (or until the user explicitly deletes it).
I guess (hope?) that most users are comfortable with this.
Thanks
Sindre
Subsonic developer
-
sindre_mehus - Posts: 1955
- Joined: Tue Nov 29, 2005 6:19 pm
- Location: Oslo, Norway
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 13 guests