Anybody can access /stream

by omnikron » 16 Sep 2014, 21:48

(topic moved from wrong forum)

Hi,

Sorry if I'm not in the proper forum.

I believe there might be a security issue with access to the /stream URI. On my setup (madsonic 5.0-3830) you can access it from anywhere without any authentication. Players like Jamstash use /rest/stream.view, which looks correctly protected. The workaround I use for now is to comment out the servlet-mapping section for /stream in %madsonic-home%/jetty/3880/webapp/WEB-INF/web.xml, but that breaks the internal Web player because it does not seem to be using the REST API.

Can you confirm whether or not there is a security issue here?

Many thanks.
omnikron
 