now that HTTPS way is open (thank god and elan! :) ) I would like another implementation (if possible) in the security domain.
A "workflow" in the Devices/Token authorization so I have exact control on which Devices could play items on my shared server.
Example:
- I share my server with myplex friend account
- myplex friend account and password got stolen in some way (my friend fault, not myplex!)
- the malicious thief could play items
If instead the server owner have the rights to manually authorize the devices of the myplex accounts to whom the server is shared that would be easily avoided (and if the devices get stolen you can already remove authorization)
I'm asking this because the real world case that I explained actually happened to me and it was just luck I discovered that (saw an unusual ip in netstat).
Don't know if it was already proposed and if it makes sense to you, it surely would make me really happy! (and all paranoid ppl like me :) )
(obviously you can make it optional as "automatic authorize all device" "manually authorize devices")
now that HTTPS way is open (thank god and elan! :) ) I would like another implementation (if possible) in the security domain.
A "workflow" in the Devices/Token authorization so I have exact control on which Devices could play items on my shared server.
Example:
- I share my server with myplex friend account
- myplex friend account and password got stolen in some way (my friend fault, not myplex!)
- the malicious thief could play items
If instead the server owner have the rights to manually authorize the devices of the myplex accounts to whom the server is shared that would be easily avoided (and if the devices get stolen you can already remove authorization)
I'm asking this because the real world case that I explained actually happened to me and it was just luck I discovered that (saw an unusual ip in netstat).
Don't know if it was already proposed and if it makes sense to you, it surely would make me really happy!
Thanks,
S
why would you not just disabled his login? The stolen device would no longer have access as his login would no longer have permission. (you can also delete the stolen device token from https://my.plexapp.com/devices)
when he then resets his password you can re-enable him and the stolen device would still not have access as its login/token would not be correct.
The problem is not "what do I do after I discovered the problem" ... that is already covered with the tools offered at the moment.
The problem I'm exposing is awareness... neither me or my friend were aware of his stolen account possibly for days and I think that the solution I proposed would be one of the best (even if someone stoles account will surely try them on new devices)
The problem is not "what do I do after I discovered the problem" ... that is already covered with the tools offered at the moment.
The problem I'm exposing is awareness... neither me or my friend were aware of his stolen account possibly for days and I think that the solution I proposed would be one of the best (even if someone stoles account will surely try them on new devices)
then im not with you.
If you authorise his login, then surely you also going to authorise his devices, right?
so if his device gets stolen, with his login on it, it's still going to be able to connect... you still need to know its stolen to be able to do something about it?
If you authorise his login, then surely you also going to authorise his devices, right?
so if his device gets stolen, with his login on it, it's still going to be able to connect... you still need to know its stolen to be able to do something about it?
Me, as server manager I'm mainly interested in the use case of myplex stolen account, which my friend (and me if i'm not parsing my logs all day and night) could not be aware for days after the event happened
The stolen device use case is already covered by plex with the remove button and the friend which lost his device should do it or notice me to disable his account
Me, as server manager I'm mainly interested in the use case of myplex stolen account, which my friend (and me if i'm not parsing my logs all day and night) could not be aware for days after the event happened
The stolen device use case is already covered by plex with the remove button and the friend which lost his device should do it or notice me to disable his account
Hope this makes sense
S
ok, so stolen account, some random device... makes sense...
personally, if someone im sharing with is stupid enough to have their details stolen, I'm no longer sharing my stuff with them.
2021 clean-up: capabilities to mitigate such issues are already in place – users can check for foreign devices linked to their account (that’s their job, not yours), in case their account has a breach they should reset their password and sign-out all devices (option implemented/available) – if they lose control over their account for good you can remove them from your server
