Closed modem7 closed 9 months ago
That is actually just dummy characters made to look like a token, not my personal token, not sure if it even the correct number of chars
sorry was looking at this on mobile before, I see what you are saying now. To be honest there is always going to be a risk associated with using the token as the API requests will always contain it and can be intercepted by a bad actor. I think the amount of time needed to invest in making it "secure" is more than I am willing to devote at this point, sorry. That's why i'm so explicit about the intended use case.
If you look at
script.js
when running via a reverse proxy, it shares the token of the Plex server in plain text which is a massive issue.I understand that there is a warning
you should not host your copy of Medialytics anywhere that is publicly accessible
, but storing it in plain text may not be the best way of going about it.