Jump to content

Suggestions for login

anks

By anks
in Feature Requests

 Share

Recommended Posts

anks

anks   36

Posted
Posted

As far as I am aware, the following is true:

 

-  External users do not get the profile screen, just a login. (Non reverse proxy obviously)

-  Local users get the profile screen

-  Users accessing MB from localhost can login to any account without a password or an incorrect password. (A problem is reverse proxy is on the same machine as MB but there is a work around)

 

Perhaps a simple solution would be:

 

-  A system wide option to disable the profile screen and require manual logins.

-  An option to require logins for localhost.  (any reason why localhost is treated differently?)

 

As far as I can see this change would be inline with the architecture and not affect existing apps.

 

Very happy to code these changes if they fit the requirements?

Link to comment
Share on other sites
ebr Emby Team

ebr   14898

Posted
Posted

#1 would require changes to all apps.

 

#2 seems reasonable but does create a potential problem.  The reason un-secured access is allowed via localhost is to allow you to get access to the server if you forget your admin password.  We would have to have another way to do that.

Link to comment
Share on other sites
pir8radio

pir8radio   1292

Posted
Posted (edited)

As far as I am aware, the following is true:

 

-  External users do not get the profile screen, just a login. (Non reverse proxy obviously)

-  Local users get the profile screen

-  Users accessing MB from localhost can login to any account without a password or an incorrect password. (A problem is reverse proxy is on the same machine as MB but there is a work around)

 

Perhaps a simple solution would be:

 

-  A system wide option to disable the profile screen and require manual logins.

-  An option to require logins for localhost.  (any reason why localhost is treated differently?)

 

As far as I can see this change would be inline with the architecture and not affect existing apps.

 

Very happy to code these changes if they fit the requirements?

 

I ended up using the server name for my reverse proxy, rather than local host or 127.0.0.1    This will pick IPV6 or IPv4 local addresses and not loopback through the lan interface.   and media browser doesnt think its a local request.  MB also sees the remote IP's in its logs.

 

What about the ability to bind MB to a specific interface?  so that localhost and 127.0.0.1 wont respond to MB requests.   Assuming that is what you are talking about you dont want people to be able to walk up to your MB machine and have full access?    or!   an option to set when you click the MB icon and go to browse or manage server you can set an option to make that link use the server name, rather than localhost..  Doesnt really help if people know how MB works, but may keep the kids from deleting your library?   I think the bind option is probably easiest no?

Edited by pir8radio
Link to comment
Share on other sites
ScottIsAFool

ScottIsAFool   517

Posted
Posted

#1 would require changes to all apps.

We used to have that anyway. I know mine did. There was a setting on the server, but it disappeared from the API I believe. @@Luke?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...