[Implemented] None of this is worth anything without security.

It's been a couple of years now and there is still no progress on adding encryption to this system? Where is the HTTPS?

I'm really very nervous using a system that can be easily hacked.

When will we have some progress and stop supplying the NSA with videos?

KC

I hope they fix this quickly! There are a few topics about this:

• https://forums.plex.tv/topic/118651-feature-request-fix-the-gaping-security-holes/
• https://forums.plex.tv/topic/101886-proof-of-concept-token-exploit-please-fix-this-massive-security-hole/

https everything please.

It's been a couple of years now and there is still no progress on adding encryption to this system? Where is the HTTPS?

I'm really very nervous using a system that can be easily hacked.

When will we have some progress and stop supplying the NSA with videos?

KC

As Tijder pointed out, others have expressed concerns about security. To make a separate thread will benefit nobody. I am confident that the Plex devs have taken notice and will give it the weight it deserves. If you wish to add your voice to the chorus why not throw some support behind an existing thread?

Setting that aside, if you are truly concerned why not take the precautions that everyone should take:

1. Robust firewall (pfSense is a good choice, https://www.pfsense.org)
2. Encrypted VPN connection (Private Internet Access is a good choice, https://www.privateinternetaccess.com)
3. Make your Plex device accessible only through the LAN
4. Don't put incriminating content on your server

While taking these steps may restrict certain conveniences, you can rest assured the NSA won't know that you secretly like My Little Pony and the Care Bears.

As Tijder pointed out, others have expressed concerns about security. To make a separate thread will benefit nobody. I am confident that the Plex devs have taken notice and will give it the weight it deserves. If you wish to add your voice to the chorus why not throw some support behind an existing thread?

With all respect to the Devs, I am not that confident. There are exploits in the authentication known for over 6 months, Proof Of Concepts have been published and still no fix. It goes so far that people are implementing their own HTTPS-forced solution as an add-on for the community. A job that should be done by the devs in the first place.

In my honest opinion, given the special status Plex has on your average NAS (Plex has root-like access to the filesystem, and can upload pictures and thus files) security should be top-priority. Any security problem does not only compromise the Plex installation, but most likely the entire NAS/Server. I do not see a Dev-reaction that is vigilant enough to tackle this that reflects that notion...

Jaap

There's a good thread about this issue already: https://forums.plex.tv/topic/101886-proof-of-concept-token-exploit-please-fix-this-massive-security-hole

And I agree, security should be taken more seriously in Plex!

With all respect to the Devs, I am not that confident. 

Me neither. As much as I love Plex, it seems new cool features are more popular, hence get priority. But like the op said, none of this is worth much without security. With friends sharing accounts and the security threats mentioned in other threads, Im considering making my server LAN only.