Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…
Collection of potential security issues in Jellyfin This is a non exhaustive list of potential security issues found in Jellyfin. Some of these might cause controversy. Some of these are design fla…
I think you can IP whitelist who can access it no? That should solve any problems
There is zero (0) chance of an attacker to know and then spoof address of your friend unless you have even bigger problems. Good filter should simply not respond to any packets making very existence of exploitable site undetectable.
Does your friend have a static IP? Unlikely considering that you have to pay extra for a static IP.
Wrong use case, the expected one is friends and family watching stuff on your Jellyfin server from different homes, potentially through mobile, all with dynamic IPs
Then MAC address
Perfect use for allowlisting based on dynamic DNS hostnames.
is that a feature in Jellyfin? and since when do all ISP subscribers have names in DNS?
You would set up the allowlist in your firewall. There are plenty of free options for dynamic DNS though not from any ISPs that I’m aware of.