(topic moved from wrong forum)
Hi,
Sorry if I'm not in the proper forum.
I believe there might be a security issue with acces to the /stream URI. On my setup (madsonic 5.0-3830) you can access it from anywhere without any authentication. Players like Jamstash uses /rest/stream.view, which looks correctly protected. The workaround I use for now is to comment out the servlet-mapping section for /stream in %madsonic-home%/jetty/3880/webapp/WEB-INF/web.xml, but that breaks the internal Web player because it does not seam to be using the REST API.
Can you confirm if whether or not there is a security issue here.
Many thanks.
Anybody can access /stream
Post your Server Bug Report
Jump to
- Madsonic
- ↳ Info / Announcements
- ↳ Voting Polls
- ↳ Madsonic Client
- ↳ Support
- ↳ Feature Requests
- ↳ Madsonic Node
- ↳ Support
- ↳ Feature Requests
- ↳ Madsonic Server
- ↳ Info
- ↳ Support
- ↳ Feature Requests
- ↳ Plugins & Addons
- ↳ Docker
- ↳ UnRAID
- ↳ FreeBSD
- ↳ FreeNAS
- ↳ Synology
- ↳ QNAP
- ↳ OpenMediaVault
- ↳ Netgear
- ↳ Asustor
- ↳ MusicBee
- ↳ Tomahawk
- ↳ XBMC
- ↳ Clementine
- ↳ KODI
- General
- ↳ Info
- ↳ Announcements
- ↳ Voting Polls
- ↳ General
- ↳ Development
- ↳ Development Voting Polls
- ↳ Client 6.x
- ↳ Info
- ↳ Support
- ↳ Bug Reports
- ↳ Feature Requests
- ↳ Solved Requests
- ↳ Server 5.x
- ↳ Support 5.x
- ↳ Bug Reports 5.x
- ↳ Feature Requests 5.x
- ↳ Server 6.x
- ↳ Info
- ↳ Support 6.x
- ↳ Bug Reports 6.x
- ↳ Feature Requests 6.x
- ↳ Solved Requests
- ↳ Node 6.x
- ↳ Info
- ↳ Support
- ↳ Download
- ↳ Madsonic 6.x
- ↳ Madsonic Transcoding
- ↳ Player / Tools / Themes
- ↳ Scripts
- ↳ Off Topic