Closed GigaFyde closed 3 years ago
As of right now, all routes registed by the plugin don't seem to be secured in any way. This means anyone could access and read the data.
Example route: http://localhost:8096/emby/user_usage_stats/user_activity It's not limited to localhost only.
Would like to see this limited to authorized admin users only.
This should be fixed now
Happy to report that it's indeed no longer publicly accessible from the looks of it. Greatly appreciated.
As of right now, all routes registed by the plugin don't seem to be secured in any way. This means anyone could access and read the data.
Example route: http://localhost:8096/emby/user_usage_stats/user_activity It's not limited to localhost only.
Would like to see this limited to authorized admin users only.