Using plex on synology DSM 6.X. Is it allowed to change plex user password?

Hello,

Is it allowed to change the plex password that seems to be generated by default when installing plex on my syno (using synology package center)?

I remember modifying this password years ago on another synology NAS and then Plex Server was no longer usable.

I find it insecure to have a “generated” or “constant” password for a new user on my nas. Maybe everyone knows this password; it is not safe.

No.

See these posts:

thanks for your answer.

then the password is a random one but… it is provided to the PLEX server (not mine, the official one, right?)

because I don’t know the password and when I use the phone application or firefox I can connect to plex without providing any user password.

I guess the random password is then “stored” in my plex account. Right?

then the plex server (official one) knows the address of my nas, knows that there is a “plex” user and has the password, right?
I guess it can only access the folders I have shared but anyway it is kind of a “lack of security”, right? We have to trust 100% in plex admins and plex server security, right?

Do not confuse the password for the plex user on the Synology and the username/password for your Plex account.

The password referenced in my reply is the one used by the user plex to run the Plex Media Server process on the Synology NAS. It is stored on the NAS. It is not stored with your account at plex.tv. You cannot use it to login to your Plex account and stream your media.

The username/password you use to login to your Plex account is completely different. That is the password you use to login to your Plex account and access your media. Your Plex account password is stored with your account at Plex. See @ChuckPa’s post below regarding your account password. You can change your account password at any time in your account settings.

thanks again. I don’t confuse both passwords.

I have one plex account on the plex official server (login = mail). And plex creates a user “plex” on my nas with a random password.

As I am able to connect to my data in my NAS through the PLEX android application or through Firefox WITHOUT providing anything other than my PLEX account, I guess that my PLEX account may store somewhere the password of the “plex user” on the NAS.

If not, I don’t know at all how the android application could read all my films on my nas whereas I don’t provide any user or password on the NAS to the PLEX application.

and the same when I connect to plex from firefox…

so for me, the plex official server (where my plex account is created, not my nas) stores my nas address + plex password and this is linked to my plex account.

Am I wrong?

I know of two ways to stream media from a Plex server without using a login & password. Neither involves the plex user on your Synology NAS.

  1. You have entered information in Settings > Network > List of IP addresses and networks that are allowed without auth.

  2. You are running your server in an unclaimed state. This would involve claiming the server, setting up libraries, etc, then logging out via Settings > General > Sign Out.

If I may respond?

How it works:

  1. The password for your Plex account is not stored as Plain Text. None of it is stored locally. It is stored as a Hash code at Plex.tv.

  2. When signing in, the actual password you type is converted, in the browser app, to a hash string. That hash string is sent, via https, to Plex.tv, which responds with a Yes or No.

  3. If Plex.tv responds with a “Yes”, it also sends one more piece of information to the app; your Plex “Token”. This is the Hash Key for your account. It is referred to as “X-Plex-Token” or “PlexOnlineToken”.

  4. The app then adds this Plex Token to the messages it sends the server. The server checks the Key provided against the key it knows (which it got from Plex.tv as well). If they match, you’re accepted as the “Administrator/Owner” so you may do what you wish.

As far as Linux is concerned (DSM)

  1. There are 3 attack vectors
     • SSH
     • GUI
     • Malicious apps installed by the user
  2. SSH is disabled by default on DSM
     • The ‘plex’ user linux login is disabled and protected by default when PMS installs.
     • The ‘plex’ user’s account is again secured with every installation.
     • Only manual intervention by the user (NAS administrator) can defeat / change this between installations.
  3. GUI access
     • Access is controlled by the NAS owner
     • Direct https:// access to the DSM desktop via LOCAL or QuickConnect remote
  4. Malicious apps
     • Only the NAS owner can protect against malicious apps being installed.

From the Plex Media Server operational perspective -

DSM 6

  1. In order to make Plex run as a non-privileged service on Synology,
     • where it obeys all the security restrictions you place on it (not allowing it to read certain shared folders)
     • or deleting media unless you grant said permission in Control Panel - Shared Folders
     the ‘plex’ user linux account was created. The alternative is to run as the system super user (root) which was NOT acceptable.

  2. To protect the ‘plex’ user account -
     • SSH password is created using uuidgen
     • example uuidgen output string is:

       [chuck@lizum photos.2010]$ uuidgen
       e67e6e6c-a509-4a65-8d1e-86739d1dbec5
       [chuck@lizum photos.2011]$

  3. The ‘plex’ user linux account is further protected by not having a default command shell. User plex can only be utilized in the control scripting where we tell it which shell to use.

DSM 7

In DSM 7, Synology enhanced the security even further.

  1. User plex no longer exists as an account which can be coerced to allow login.

  2. System Internal User (the new classification) PlexMediaServer is both created and maintained by DSM 7. Plex has no control of the “username” at any point.

  3. Further, I must request:
     • Request package name “PlexMediaServer”
     • Request system internal username “PlexMediaServer”
     • Request shared folder “PlexMediaServer”
     • Request access to the transcoding hardware.

  4. DSM 7 grants the request as it deems appropriate.

  5. The package has no knowledge of where the “PlexMediaServer” shared folder is stored. It is “sandboxed”.

  6. Hardware transcoding capability won’t be known until PMS itself attempts to use it.

3 Likes
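The four sign-in steps in the post above (password checked by the account service, a token handed back, the token presented on every request, the server comparing it against the token it already holds) can be exercised end to end. The following is an added illustration written for this thread, not Plex's code: the `IdentityService` and `MediaServer` classes, the user name and the token format are all assumptions, the identity side stores only a salted PBKDF2 hash, and both comparisons use constant-time compares so that a wrong guess cannot be timed. The real exchange between Plex apps, plex.tv and PMS is not shown on this page.

```python
import hashlib
import hmac
import os
import secrets


class IdentityService:
    """Stands in for the account service (plex.tv in the post).

    It keeps only a salted password hash per user plus one long-lived
    account token; the clear-text password is never stored.
    """

    def __init__(self):
        self._users = {}   # username -> (salt, pbkdf2 hash)
        self._tokens = {}  # username -> account token

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))
        self._tokens[username] = secrets.token_hex(20)  # constructed 40-hex-char token

    def sign_in(self, username, password):
        """Return the account token on success, None otherwise (steps 2 and 3)."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        return self._tokens[username]

    def owner_token(self, username):
        """What the media server obtained from the account service when it was claimed."""
        return self._tokens[username]


class MediaServer:
    """Stands in for PMS: it holds the owner's token and checks every request (step 4)."""

    def __init__(self, owner_token):
        self._owner_token = owner_token.encode()

    def handle(self, headers):
        presented = headers.get("X-Plex-Token", "").encode()
        # Constant-time comparison: response timing must not leak how many bytes matched.
        if hmac.compare_digest(presented, self._owner_token):
            return 200, "owner"
        return 401, "unauthorized"


def walkthrough():
    """Run the four steps with constructed data and return the outcomes."""
    svc = IdentityService()
    svc.register("owner@example.com", "correct horse battery staple")
    server = MediaServer(svc.owner_token("owner@example.com"))
    token = svc.sign_in("owner@example.com", "correct horse battery staple")
    return {
        "bad_password_gets_token": svc.sign_in("owner@example.com", "guess") is not None,
        "request_with_token": server.handle({"X-Plex-Token": token}),
        "request_without_token": server.handle({}),
        "request_with_forged_token": server.handle({"X-Plex-Token": "0" * 40}),
    }


if __name__ == "__main__":
    for name, outcome in walkthrough().items():
        print(f"{name}: {outcome}")
```

The point the thread keeps circling back to is visible in the code: the NAS-side `plex` account never appears anywhere in this exchange. The only secret the media server needs for authorisation is the account token it already knows.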
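The DSM 6 part of the post describes the properties that make the `plex` account a service account rather than a login: it is not uid 0, it has a non-empty (uuidgen-derived) password, and it has no default command shell. Those properties can be checked mechanically from the passwd and shadow entries. The script below is an added example for this thread, not a Synology or Plex tool; the sample entries are constructed (the uid, gid, home directory and hash value are made up) and the audit rules are the generic Linux ones, not anything DSM-specific.

```python
# Shells that give an interactive login. An empty shell field means the
# default /bin/sh, so it is treated the same way.
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/ash", "/bin/dash", "/bin/zsh", "/usr/bin/bash"}


def parse_passwd(line):
    """Split one /etc/passwd line into its seven colon-separated fields."""
    name, _pw, uid, gid, gecos, home, shell = line.rstrip("\n").split(":")
    return {"name": name, "uid": int(uid), "gid": int(gid), "gecos": gecos, "home": home, "shell": shell}


def parse_shadow(line):
    """Return the account name and the password field of one /etc/shadow line."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError("malformed shadow entry")
    return {"name": fields[0], "hash": fields[1]}


def audit_service_account(passwd_line, shadow_line):
    """Return a list of findings; an empty list means the entry looks like a proper service account."""
    pw = parse_passwd(passwd_line)
    sh = parse_shadow(shadow_line)
    if pw["name"] != sh["name"]:
        raise ValueError("passwd and shadow entries belong to different users")
    findings = []
    if pw["uid"] == 0:
        findings.append("uid 0: the service would run as root")
    shell = pw["shell"] or "/bin/sh"
    if shell in INTERACTIVE_SHELLS:
        findings.append(f"interactive login shell {shell}")
    pw_field = sh["hash"]
    if pw_field == "":
        findings.append("empty password field: no password needed to log in")
    elif pw_field[0] in "!*":
        pass  # locked account; password login is impossible, which is fine for a service user
    elif not pw_field.startswith("$"):
        findings.append("legacy crypt(3) DES hash")
    return findings


# Constructed sample entries (not copied from any real DSM system).
HARDENED_PASSWD = "plex:x:1023:65536:Plex service account:/var/lib/plex:/sbin/nologin"
HARDENED_SHADOW = "plex:$6$constructedsalt$constructedhashvalue:18000:0:99999:7:::"
WEAK_PASSWD = "plex:x:0:0:Plex service account:/root:"
WEAK_SHADOW = "plex::18000:0:99999:7:::"

if __name__ == "__main__":
    print("hardened:", audit_service_account(HARDENED_PASSWD, HARDENED_SHADOW))
    print("weak:", audit_service_account(WEAK_PASSWD, WEAK_SHADOW))
```

Changing the generated password by hand, which the original question asked about, does not move the entry from one category to the other; what matters for exposure is the shell field and whether the password field is empty or locked, and on DSM 6 the page says SSH is off by default anyway.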

A big thank you to both of you for your detailed answers.

What I was missing was the fact that the connection to my plex server wasn’t done using the “plex” user. The plex user is used internally in the NAS only to access all files. So the password for the plex user is created at installation and stored only by the plex server to access files. Right?

The external connection to the plex server in my NAS is done using another means that you described well in your post.
It involves the plex.tv website (so I guess that if plex.tv is down I won’t be able to use plex anymore, right?)

some remaining questions if you have time to answer:

(sorry in advance if you think I’m too paranoid, I don’t care if someone can see the name of the film I want to see, but it is just to “understand” the principle as it is more complex than a direct point-to-point connection between my phone and my server.)

1 - protection of the credential part:
whatever website I use to connect to plex (internal IP address, external IP address without https, or plex.tv address with https) => plex account credentials will be transmitted to plex.tv using https, right?

2 - protection of what my plex website on the nas displays (text only). Is text information from the plex website on my nas secured during the transmission from my server to my phone or computer? Three possibilities (using a browser):
A - If I use the internal IP address (http only) => no problem as I’m on my personal LAN.
B - If I use the plex.tv address, https is activated so I guess there is no problem but in fact I don’t know if the connection between plex.tv and my personal NAS is secured. If yes, using which certificate? The same one that I use to secure https for my XXXX.tk address that is the address of my NAS?
C - If I use the XXXX.tk website to connect to my plex server on my NAS (https doesn’t work here, another post for this subject), no encryption of the stream between my NAS and my browser? So all my list of films and songs can be read by someone that intercepts my transmission? Right?

3 - protection of the stream of data (the film that is played, the music that is heard, the photo that is seen) => is it managed like the text of the website? Encrypted or not, depending on the address I use to connect to the plex server?

bonus question: what does the Plex android application use to connect to my NAS? plex.tv? Internal IP if I’m at home? External IP?

bonus question 2: I remember that there is a configuration (default one or not) where all the data stream goes through the plex.tv server? Am I wrong?

  1. All credentials are exchanged via HTTPS.

  2. The default communication on LAN or WAN is HTTPS.

  3. You may opt to use HTTP-only on LAN.

  4. Any user, who uses App.Plex.TV to communicate with your server is HTTPS.

  5. Any user, who accesses your server directly by IP address or FQDN, may use HTTP if you permit it. If you do not permit HTTP then the connection will be HTTPS.

  6. ALL Plex apps use HTTPS as the default. All Plex apps allow HTTP on LAN if you select the option in the app settings.

  7. If enabled in the Server settings, Plex Relay is the service which allows remote access when a direct connection is not possible. The bitrate limit is 2 Mbps for PlexPass users, 1 Mbps for free users.

  8. NAS user account plex (DSM 6) and NAS system internal user account PlexMediaServer (DSM 7) only exist on the Synology so that Plex can run on the host. They serve no other purpose.

2 - I don’t change anything and http only is working on LAN using the internal IP address:
http://192.168.X.X:32400
if using https://192.168.X.X:32400 I have the following error message:
Firefox doesn’t trust this website because it uses a certificate that is not valid for 192.168.X.XX:32400. The certificate is valid only for *.lkazjlzakjlzkdjzldkjdlkj.plex.direct.

Error code: SSL_ERROR_BAD_CERT_DOMAIN

4 - yes I have the feeling that the certificate that is installed by the plex server is valid for plex.tv

5 - I don’t allow it specifically and it works with http, without configuration on my side. If I try to connect to:
https://XXX.tk:YYYYY
I have the same error message as for using https with the internal IP.

7 - this option is not enabled by default, right? I don’t need the relay as I can have a direct connection with my server. Right?

ps: I have a Let’s Encrypt certificate that works correctly when I want to connect to DSM from external or internal using my https://XXX.tk address. I don’t know if it could be used to access the plex server correctly in https so that firefox doesn’t cry about the certificate that is not valid.
I think that even if the certificate is not valid, the transmission is still encrypted but I’m not sure.

@iostrym

  1. Open the server using http://192.168.x.x:32400/web

  2. Plex will load the Plex/web app (read only) using HTTP

  3. Plex/web will then, call back to the server using HTTPS.

  4. You will see the green dot with the lock symbol next to the server’s name which confirms Plex/Web is HTTPS

[Screenshot from 2021-12-04 20-47-26]
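The SSL_ERROR_BAD_CERT_DOMAIN message quoted earlier and the explanation just above (the app is loaded over http, then calls the server back over https under its *.something.plex.direct name) both come down to how a browser matches the name in a certificate against the host it actually connected to. The script below is an added illustration for this thread, not Plex or Mozilla code: it implements the usual wildcard-matching rules (case-insensitive, a wildcard only as the whole leftmost label covering exactly one label, and an IP literal never matched by a DNS name) and applies them to constructed URLs. The certificate label is made up, and the dashed-IP form of the plex.direct host name produced by `plex_direct_name` is an assumption about how those names are built; the page only shows the certificate side.

```python
import ipaddress
from urllib.parse import urlsplit


def is_ip_literal(host):
    """True for an IPv4 or IPv6 address written literally, e.g. 192.168.1.10 or ::1."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def hostname_matches(cert_name, host):
    """Does a certificate name (possibly a wildcard) cover `host`?

    Rules applied, the ones browsers use (RFC 6125 style):
      - comparison is case-insensitive and ignores a trailing dot;
      - an IP literal is never matched by a DNS name, wildcard or not;
      - '*' is honoured only as the whole leftmost label and stands for
        exactly one label, never zero or several.
    """
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if is_ip_literal(host):
        return False
    if not cert_name.startswith("*."):
        return cert_name == host
    if "*" in cert_name[2:]:
        return False  # wildcard anywhere but the leftmost label is not honoured
    suffix = cert_name[1:]  # ".label.plex.direct"
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]
    return leftmost != "" and "." not in leftmost


def plex_direct_name(ip, label):
    """Assumed shape of a plex.direct host name: the IP with dots turned into dashes,
    followed by the per-server label. Not confirmed by this page."""
    return f"{ip.replace('.', '-')}.{label}.plex.direct"


def diagnose(url, cert_name):
    """Return what a browser would do with `url` when the server presents `cert_name`."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        return "PLAINTEXT"  # no TLS, so no certificate is checked at all
    host = parts.hostname or ""
    if hostname_matches(cert_name, host):
        return "OK"
    return "SSL_ERROR_BAD_CERT_DOMAIN"


if __name__ == "__main__":
    cert = "*.constructedlabel.plex.direct"  # constructed label, not a real server's
    for url in ("https://192.168.1.10:32400",
                "https://" + plex_direct_name("192.168.1.10", "constructedlabel") + ":32400",
                "https://xxxx.tk:32400",
                "http://192.168.1.10:32400/web"):
        print(url, "->", diagnose(url, cert))
```

Running it shows why the two https attempts in the thread fail while the app's own callback succeeds: the certificate names a wildcard under plex.direct, so a bare IP and the user's own .tk host name both fall outside it, whereas a single label under that wildcard matches. A plain http URL produces no certificate error only because nothing is checked, which is the distinction the last few replies in the thread are about.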

Thanks.

Using the plex.tv website or http://my domain.tk:xxx, I have the green lock next to the name of my plex server.

Using the internal IP, I don’t have the green lock but I don’t care as all my streams are internal.

When I’m using http://my domain.tk:xxx and the green lock is activated it means that the connection to my plex server is secured.

But as the website is not https then am I right when I say that all the website content that I’m currently seeing can be seen (caught) by someone on the internet? Right?

For instance a company that wants to analyze what the top 10 films seen by plex users are.

So what is really secured? The access to the data of my nas and only this? When I watch a film is the data stream of the film encrypted? Maybe not…

YES – When green lock, you have secure communication.

The entire communication session is secure & encrypted. Nobody can read anything which is sent or received.

This is the purpose of HTTPS. It is 100% private.

very sorry not to understand but as the web site is only http:// the content itself of the webpage is not protected, right?

@iostrym

http is only used to load the plex/web app from PMS

The first thing it does is switch to https (secure) because it has a valid certificate embedded in it.

Everything is secure – unless you disable it.

Can I see the switch to https in the browser address bar? Because for me, except for the green lock, the browser stays on “http” without switching.
