Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Assuming the user will not be connecting over vpn, but is both remote and non-technical, how would you expose Jellyfin to them securely?
Im confused as to what people think the security issue is? Do they think someone will brute force their username and password with a billion queries?
That’s assuming an attacker will play nice with URL forming and discovering edge cases in POSTing shaped data to the service. Just encrypting is still weak security if the whole front-end web and API surface isn’t hardened.
Afraid people will use known vulnerabilities in common self-hosted software.
Sorry but are you guy not using Linux as your servers? Windows? Now I understand.