Since this thread keeps coming back from the dead, the answer to the question "Is a token generated that can access my media without a password" is: Yes, it can, and is.
In the PlexPass forums, moderators have already responded to a Proof of Concept token exploit (that is not in the wild, but was developed specifically to address this issue, so do not be overly concerned) and have responded that they are making strides towards securing Plex properly via SSL.
For those members that have pushed Plex forward via membership, here's a link to that thread to read more
I must say while reading this thread It became apparent to me that the security issue here with plex has been takin care of .
Though not really concerned about what movies I share with friends and family members, for I purchased these movies on dvd and ripped them
to my library. A tedious task I will say !!!
I understand this is legal to to do, Am I wrong ? There are some movies I downloaded from Youtube mainly Rock Concerts I was not able to attend
thru my life, this I know is not , but fuggit its there.
I will say this about the plex devs I am not worried about my security or the people in this community. Now the Big Brother aspect, prove to me what I said
on my conversation with a friend years ago while on the phone with him about how aliens are not real. That upset him so, weve not talkin since.
I like to say sorry to him. If I could get the tapes the NSA have and listen to that conversation , I could remember the conversation and understand why I must say
I must say while reading this thread It became apparent to me that the security issue here with plex has been takin care of .
Though not really concerned about what movies I share with friends and family members, for I purchased these movies on dvd and ripped them
to my library. A tedious task I will say !!!
I understand this is legal to to do, Am I wrong ? There are some movies I downloaded from Youtube mainly Rock Concerts I was not able to attend
thru my life, this I know is not , but fuggit its there.
I will say this about the plex devs I am not worried about my security or the people in this community. Now the Big Brother aspect, prove to me what I said
on my conversation with a friend years ago while on the phone with him about how aliens are not real. That upset him so, weve not talkin since.
I like to say sorry to him. If I could get the tapes the NSA have and listen to that conversation , I could remember the conversation and understand why I must say
sorry to my friend.
Most people would say "Good Luck with That"
Wrong. It is not fixed. I wrote a python program in 30 minutes that would connect to your server without credentials simply by being on the same network as a client that has access to your server.
I my world Cloud products should be limited not to be every other product, but a product in its self.
I want the trust to be reversed so that I choose what cloud any and all my data should be present on.
If we continue this path, the personal data would potentially end up on so many cloud services that I would never be in control over where my data is.
Goal for me is that I need to share my data only on my local network and that includes authentications and so on. I will choose where my data, statistics etc. are stored.
I do understand that if something is free then you are the product, id rather pay a price and not be the product.
So the conclusion must be that Plex is now either a cloud product or a standalone product ie. within same PC.?
@elan said:
Dear bugger, we’ve chosen to go down a path which was the most convenient for the vast majority of our users. I understand some people don’t trust cloud services, don’t use gmail, never email photos (who knows which machines they pass through or are stored on?), and use VPNs for everything. I respect that, but it’s hard for us to do work to accomodate that sort of workflow. That’s not to say that we won’t continue to enhance security over time and provide enhanced permission controls, but we decided to stop supporting direct user/pass auth into servers because (a) it was insecure and it was extra work to provide alternate mechanisms on all our clients and (c) the choices were confusing users and (d) the user/pass choice was hard to set up without myPlex providing private IP.
Elan-
I’m sorry for quoting a post so old as the info may have changed in such a period. I tried to search for an answer and
found multiple questions but no response. (Having said that, I am now sure that someone will post a response… )
Was there a reason as to why manual connections on clients were limited to IP addresses and DNS/FQDN entries were not permitted?
As a brand new Plex lifetime subscriber, I can’t help but wonder about the safety of using Plex either. I’m mostly concerned because it is now illegal in the US to rip DVDs and store them personally on your own computer…how then are we ever to upload content to the cloud? For example, I have an old copy of a ■■■■■■ movie I liked as a tween - Adam Sandler’s Little Nicky - I bought the DVD (yes, I actually bought this piece of shit) when I was 12 or 13. Can I not upload the DVD that I personally ripped to my PC to the cloud without fear of incrimination now? What the hell?
In the US it is NOT illegal to rip or copy a DVD (Fair Use Act Guarantees this)
However, Hollywood and all it’s power made it illegal to circumvent DRM (DMCA did this)
)