Hi,
I have been using my Wd MyCloud drive for some time, and is now updated to the last firmware. I have created 3 shares, one for each user. I have the media feature disabled on all 3. All went ok, each user can only access its own files.
However, a few days ago a friend came by with his windows8 PC and connected to my wifi network. To my surprise, when I was using his PC, I clicked on the wdmycloud icon on the file explorer and it opened the browser and connected to my cloud ip with the port:9000. It opened the Twonky interface, and on the Shares tab it was possible to browse ALL the directory tree in the WD drive and add all directories (the ones that are private to the 3 users…) to the media share. All without asking for a user/pass… I could select and view all the movies, music and pictures on my drive without entering a single user/pass…
I could not find any mention to this possibility in the user manual…It seems like a HUGE security problem…or it it only me???
No, it’s not just you… It’s anyone who uses ANY media server (not just Twonky, not just WD)…via DLNA, as DLNA has NO security mechanisms as part of the standard.
NEVER NEVER NEVER put sensitive files in shares that have a media server enabled. NEVER!
Clear? 
I had no sensitive files with media enabled…The problem is that in the twonky web interface you can add any media files in the drive to the media share…without any password…
Well, yeah, same thing… Don’t turn on DLNA on shares you want kept private.
Thats my problem…I have DLNA and media sharing off, but anyone in the wif network can turn it on using the :9000 twonky interface…And that was not told in the user guide…
Ahhh. Ok, I follow you.
Yeah, it’s possible to set a password on the Twonky management page, but you’re correct, it’s not set by default.
Yes, thats the problem. It should be refered in the manual. You set user/pass and think you’re ok.
But as I’ve seen from other posts not a big chance of WD taking the message…
