Restrict web interface to media directory instead of whole filesystem
Forked from #19807 (closed):
The VLC web interface does not seem to allow any meaningful form of security - that is, anything that can reach the host on which VLC is running can try to connect, and anything which can sniff on that network can trivially decode the base64 encoded password. As the remote interface by default allows browsing the whole file system, this seems like quite a large security vulnerability.
This enhancement request treats two areas:
- By default, lock down what may be browsed through the web (And, really, all remote) interface(s) to a media-content-only directory, by default a new place which systems will NOT have, so that by default when any remote features are enabled NO content is effectively shared. e.g. {Windows} %USERPROFILE%\Videos\VLC\