this post was submitted on 19 May 2026
487 points (97.8% liked)

Technology

84796 readers
4255 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
487
Plex increasing Lifetime Plex Pass cost to whopping $750 (9to5mac.com)
submitted 22 hours ago by dantheclamman@lemmy.world to c/technology@lemmy.world
236 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] kata1yst@sh.itjust.works 3 points 18 hours ago (1 children)

This is a concern if you just port forward through a router. This isn't a problem if you simply use a reverse proxy, which is standard and normal and expected and not difficult at all.

[–] mic_check_one_two@lemmy.dbzer0.com 7 points 18 hours ago (1 children)

It’s a concern even with a reverse proxy. The reverse proxy encrypts your connection from A to B, but does nothing to stop the various security concerns that have been noted. Because those concerns don’t rely on intercepting unencrypted traffic. If you can reach Jellyfin’s main log in page, you can exploit it. Full stop.

The only way a reverse proxy would stop someone from being able to exploit it is to include a separate login on your reverse proxy, meaning attackers wouldn’t even be able to hit Jellyfin’s landing page unless they know your proxy’s password. But notably, this breaks basically everything except for browsers. All of your smart TVs, mobile apps, etc would stop functioning, because they’d bounce off of that reverse proxy login page.

[–] kata1yst@sh.itjust.works 2 points 18 hours ago* (last edited 18 hours ago)

I don't proxy the port, I proxy the routes needed for auth and interface. This isn't that hard.

EDIT: ah I see what you're saying, you're talking about the app surface rather than the raw admin API. The risk is small enough with the remaining attack surface that I'm not particularly worried, though obviously I'd like it to be better.