Hi guys,
I have a Plex server running on Android TV.
I can access it from Internet via manual port forwarding and static IP configuration in my router.
Everything works great, however I noticed that when I go into my ip:port address in browser in incognito mode, I am actually able to login there as ANY user!
After few checks I can say, that it does not look that as a different user I have access to the contents of my Plex server, however in the browser I still see that requests go to my home ip address, and that looks extremely dangerous.
Is it possible to somehow NOT allow any other accounts to log into my home server?
All that you can do without being authenticated as “you” is to load the web app into your browser. That’s it.
There is no access to any content on your server. There is actually no interaction with your server at all, except that it delivers the web app executable.
Although it is technically possible, an outside user has no incentive to load the web app from your server. Why taking the effort to 1. sniff out and 2. memorize your IP address and port number when a (additionally more modern) version of the web app is always available at https://app.plex.tv ?
Ok, so you’re saying it is correct, it is expected, and I should not worry, right?
Ok, I guess I am fine with it, but I still feel a bit unprotected. It is just a feeling, but I can’t get rid of it.
Thanks!
Yes and yes.
It’s like having a web server with a password protected area. Anyone can go to that page and load the login form. Only you can actually log in and do stuff.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
