[Feature Request] Allow Media Deletion from local subnet only


#1

First off, this request is not the removal of the Allow Media Deletion feature. It's to add a little more security to it.

I don't know the networking jargon so please bare with me.

What I suggest is to change the way Plex Media Server can delete files from your server by limiting deletions to only on your local subnet(private subnet) from the server.

That way, you will have the benefit of deleting content you no longer want while you are sitting on your couch at home and prevent anyone else deleting your files outside of your network.

As always, click the like button on this post and leave a comment if you want to have this feature.

Thanks.


#2

Only the forum administrator can delete media via Plex. The Allow Media Deletion feature does not apply to any other user. If you follow the best practice of not giving anyone your Admin credentials, they'll never even see the delete option.


#3

This isn't a bad idea. I follow the best practices, but additional security can't be a bad thing. However, I'm not overly concerned the way it is now.


#4

@beckfield said:
Only the forum administrator can delete media via Plex. The Allow Media Deletion feature does not apply to any other user. If you follow the best practice of not giving anyone your Admin credentials, they'll never even see the delete option.

LOL! WTF are you talking about! Are you suggesting that the good people that oversee this forum can delete your files?


#5

Sorry, not the forum admin, the server admin. :*


#6

Ah, yes. Indeed. That's true. Only the server admin can delete files. My suggestion adds a bit more security on top of that. Only the server admin that resides on the same local network as the server can delete files.


#7

Guests 'should' have their own Plex.tv accounts, be added as 'Friends', so they can't delete your entire Plexiverse when they become irritated with you while drunk (or think deleting 78,000 items makes finding those last 10 really easy).

:)

Frankly, if you're giving your Plex credentials to others - you deserve everything you get.
You wouldn't hand out business cards with your Social Security # or Banking Institution PIN # would you?
Same thing, but different.


#8

@JuiceWSA said:
Guests 'should' have their own Plex.tv accounts, be added as 'Friends', so they can't delete your entire Plexiverse when they become irritated with you while drunk (or think deleting 78,000 items makes finding those last 10 really easy).

:)

Frankly, if you're giving your Plex credentials to others - you deserve everything you get.
You wouldn't hand out business cards with your Social Security # or Banking Institution PIN # would you?
Same thing, but different.

Why are we stuck on 'if you give out your plex credentials'. That is not the only case.
I have to bring it back up.
http://lifehacker.com/plex-hacked-change-your-password-now-1715355825


#9

I stopped worrying about that way back when I changed my password as advised by Plex - when the forum got changed. Since then I've been concentrating on dealing with these new forums that pretty much suck. So long as SUCK doesn't also mean Unsecure, I can live with it.

If security becomes so involved that users can't even access their own stuff - that's when I start keeping my money under the mattress and go back to VLC via 'The Wire'. Plex doesn't need more security at this point. Some would argue they need less. I find it a happy compromise between PITA and Acceptable.


#10

@JuiceWSA said:
Plex doesn't need more security at this point. Some would argue they need less. I find it a happy compromise between PITA and Acceptable.

When it come to viewing your content. I'd say it's good.. But to delete your content, I say more security is needed.


#11

Just change the library setting so as not allow deletion.the only change that has been made is to the default setting

Also distinction between remote and local is no longer that straightforward. Because of DNS Rebinding protection on my router, most of my local subnet access is through my public ip and public port plex.direct URL


#12

@sa2000 said:
Just change the library setting so as not allow deletion.the only change that has been made is to the default setting

Oh my.. I must be over reacting on this subject. Who cares what the default state is.
If your account has been compromised(for whatever reason) the option can be turned on and all your files can be deleted with a few clicks. Remember, we can select multiple items now.


#13

@sa2000 said:
Just change the library setting so as not allow deletion.the only change that has been made is to the default setting

Also distinction between remote and local is no longer that straightforward. Because of DNS Rebinding protection on my router, most of my local subnet access is through my public ip and public port plex.direct URL

Lets keep it alive…

At least have the server need a restart after enabling/disabling the setting. That by itself adds more security. And on top of that maybe a quick message (like the new update available message) when you open plex web.