File and Media server does not work well together and is security risk

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

File and Media server does not work well together and is security risk

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
File and Media server does not work well together and is security risk
File and Media server does not work well together and is security risk
2021-01-23 22:49:56 - last edited 2021-01-23 22:53:00
Model: Archer C5400X  
Hardware Version: V1
Firmware Version: 1.1.2 Build 20191223 rel.73956(5553)

Older models of TP-Link routers allowed me to select different directories for the file sharing server and the media server.
For some reason the C5400X (and juding by online emulators other newer modles too) does not let you select which of shared file directories should be shared by media server (the way it used to be).

This is a major problem for two reasons:

1) It is a security issue.
I may choose to share some files and directories for file server, and sensibly want to place a passwrod for access.
Some of these folders may have picture files and videos I may not wish to share on network in general without a password.
However, if I choose to turn on Media server, it (as is it's job) shares picture and video files without access control.
Since the C5400X applies media sharing to ALL the shared files and directories, not a selected subset, I just shared things I did not wish to share.

2) It is a bug issue - Media server does not detect media files if you share all of drive

It would appear the media server has some limitations related to the number of files and directories scanned for inclusion.
Specifically, if I share all the files and directories on my 4TB drive, it fails to find my music files (it finds 2 unrelated files from a game backed up).
If I choose to only share a smaller subset, like the directory I have my media in, it works ok - but now I cannot access or use any of the other files on drive from file server.
And evven if it DID work, I do not actually want to share a bunch og images and sound files from a bunch of games anyway - I want to share media files from my media directory only on media server

Specifically, I have a 4TB external USB drive.
N:/Media/....
N:/Backups/...


On my previous router I shared all files on file server, with password access - no problem. AND shared select directory of media files on media sever without clutter or sharing pictures I did not want to share - no problem.
This allowed my 4 Windows PCs to run their backups into N:/Backups/...
(and because of some Steam games there are many small image and sound files, files I do not wish to share on my media)
AND share N:/Media/... on Media server to play on my stereo, phone, tablets and PCs in my house.

For some reason my new router only allows me to apply media sharing to all of the (password controlled) shared files, making the password access control useless, and make media server fail because it is to many files (acording to tech support).

Right now I have to choose if I want to be able to share files and make backups, or if I want to share my music with media server so my stereo and TV and access them.

PLEASE BRING BACK ABILITY TO SELECT WHICH DIRECTORIES MEDA SERVER USES!.

I expected better from TP-Link and a $400 router.

  0      
  0      
#1
Options
6 Reply
Re:File and Media server does not work well together and is security risk
2021-01-23 23:56:50

@Jens_Winslow 

 

Not saying you are wrong or don't have a valid complaint.

 

I on the otherhand had a Router that allowed me to do that. However, it caused problems for me.

 

For example. I have a movie I ripped off of a DVD stored on the USB drive. That folder IS P/W protected. Good, just what you want. My PC's media player using Windows 10 via the network share could handle the PASSWORD request (actually a Windows Certificate did that). Great. Not so great on my iPad. VLC and another Media Client DID NOT know how to handle the p/w request and came back with the video not found.

 

So, in this case, I'd be in a no-win situation.

 

I guess it all depends on the devices and clients?

 

However, as long as these are Options it would be OK.

 

I also have only 'our' devices on the normal LAN. I set Guest accounts not to see the LAN, so for true guests I wouldn't need to protect anything.

 

As for " 1) It is a security issue. ", I wouldn't put anything on the USB drive that I didn't want anyone else to see anyway. If it is that sensitive to you, I'd find another way to save it, like to a flash drive or a USB drive on my PC? No capability to do that, you could put a flash drive on the router, share it, write to it, and then remove the flash drive.

 

As for "2) It is a bug issue - Media server does not detect media files if you share all of drive ", I personally have nor seen or noticed this on my Archer A20, or even other vendor Router's, but I never did an exhaustive search for any/all media files.

 

This is just my comments. I see you already found https://community.tp-link.com/us/home/forum/topic/212378, which is a better place for this post.

  0  
  0  
#2
Options
Re:File and Media server does not work well together and is security risk
2021-02-02 03:21:26 - last edited 2021-02-02 03:26:07

@IrvSp 

 

Hi IrvSp, thanks for suggestion.

Unfortunately sharing media as password protected files will not work my older media Centre - it expect a public media server and does not have means to provide credentials or password.

And I agree a USB drive may not be super secure - but still, if it advertises as file server with password protection, and as media server (which by definition is not password protected), it should work.

I think I'd have your problem too in a similar setup - if I did share as passworded file server, I'd need some other device to run a media server and handle password protected access. Depending on device that may not be an option - and why did I pay for a more powerful multi core CPU router if I need yet another device to run the media server anyway?
And to top it off, dealer refuses to take it back because "it is not faulty, TP-Link says it is working as designed".

But, that just means I'm not shopping at Canada Computers or TP-Link again.
And leaving bad reviews.

@TP-Link  Feel free to fix the software on router anytime - your old routers did let you specific which subset of shared password protected files were shared (based on your on-line emulators), so I know you can do it.

  0  
  0  
#3
Options
Re:File and Media server does not work well together and is security risk
2021-02-02 12:29:39

 

Jens_Winslow wrote

@IrvSp 

 

@TP-Link  Feel free to fix the software on router anytime - your old routers did let you specific which subset of shared password protected files were shared (based on your on-line emulators), so I know you can do it.

@Jens_Winslow 

 

I wouldn't buy Netgear or ASUS either then. I've had/have 3 Netgear's and 1 ASUS that work the same way, as well as 2 TP-Link's.

 

Which were the ones that allowed what you wanted to do?

 

On my A20, I can drill down in the drive to a specific FOLDER that I can share vs. the whole drive. But I can't create 2 or more shares on the drive, which would allow one to do what you want. It is one folder or the whole drive (All Folders) per USB port.

  0  
  0  
#4
Options
Re:File and Media server does not work well together and is security risk
2022-01-03 18:25:46

@Jens_Winslow 

 

I noticed the same thing for the media server with limiting access to folders.

 

My old router was an TP-Link A7, and it seemed to have the correct way to fix this issue.

It allowed you to share each directory, and than it had an option to either enable, or disable access for the media server. Just a simple checkbox to enable, or disable any folder from the media server scan. Check the box, and it's open to  the media server to scan for files. Uncheck (default) and media server didn't know that folder existed. But it still would work for secure sharing, as long as the media option was turned off, for that directory. Than a username and password was required for access to the folder. I was actually even able to create multiple accounts for login as well. Which looks like you have a set 2 accounts that would need to be shared on the new router. This is the way they should do it again in the newer models. 

 

There was an old windows trick that I actually just had to lookup. If you create a file called .nomedia in every directory you didn't want scanned it would skip that directory for media files. I don't know if this would work or not, but I'm going to test it out and see.

 

I'm really hoping I'm making sense right now. It was a long night testing things, and swapping out the routers last night. I wanted to make sure everything was working in the morning for everyone here to work from home. Not me of course I'm going back to sleep some more, sorry if I don't make sense I'm going to try and remember to come back and review this message after my brain gets some rest :)

 

 

 

  0  
  0  
#5
Options
Re:File and Media server does not work well together and is security risk
2022-01-03 20:09:28

@Tedz1 

 

It is not the Media Server that is the problem. It is the File Access from a remote Media Client. Media Clients can not (at least the ones I've used) handle the request for a UID and PW. So they default to File Not Found error.

 

This is no different than using the External Drive for an FTP Server. The FTP Server CAN see the files and will report those names to the remoter FTP Client. However, FTP Clients can handle UID and PW's as that is part of the design.

 

I don't see the reason to have .nomedia file either? Why would anyone care if the Medie Server read the directory or not? In addition, TP-Link's Mediia Server uses an SQL FILES.DB database. That details all the data for specific files and is what is read by the Media Server.. It is in the .TPDLNA folder. At least that is what I've seen on the few TPL routers I've had. Netgear uses the same method. Both run a Samba Server for DLNA by the way.

 

Again, the root problem is File/Folder protection. Using a PC like Windows, you can create a Certificate that holds your UID and PW, and then any access from the PC will use that. However, that is just to see the files. Want to OPEN one, nope, the program has to handle the request. The DLNA clients I've used, none handle that request (that it put up a prompt for you to enter the credentials). For instance, I'm on a Windows PC. The External Router drive is P/W protected. Windows File Manager can READ and WRITE to the drive. However, VLC on the PC can't see anything and reports drive not found. If the drive is NOT P/W protected, VLC works fine.

 

If you do discover how to beat this, please post how.

  0  
  0  
#6
Options
Re:File and Media server does not work well together and is security risk
2022-01-03 22:46:47

@Tedz1 
>There was an old windows trick that I actually just had to lookup.
>If you create a file called .nomedia in every directory you didn't want scanned it would skip that directory for media files.
>I don't know if this would work or not, but I'm going to test it out and see.

Cool idea, hope it work. Let us know ;D

My solution was different. I got a Synologic NAS with 2x10TB drives in RAID, and it runs a "real" media server.
Overkill, but I wanted NAS RAID backup for me and family on network, so the media server was more of a bonus for the $$$.
:-D

Part 2 of my solutiom is to make sure next router is
1) Not TP - I am not putting up with their BS
2) Supports access controls

  0  
  0  
#7
Options