I've been looking at some of the external access into my network to see how exposed we are at the house. I noticed that when I connect to my network externally on port 8089 (8089 is port forwarded to my Channels DVR) I'm presented with a page which allows me to request an access token and then apply that access token which then gives complete access to my Channels DVR. I'm trying to figure out if this is something which anyone could do or if it happened that way because my laptop was authenticated to the Channels DVR server already and so it could see this. I was doing this from work, outside my network, on my work laptop, which I didn't think was authenticated to my Channels DVR. If this is something which does not require login authentication, I'm wondering if the devs have thought of handling it differently to make access to the DVR by an external party, more difficult. Also, I looked to see if there was a way to change the port so I could pick something else, but it doesn't look like there is. Not a great option, but slightly more secure than a lower number port near commonly used ports.
I'm running the raspberry Pi image Channels provides, on a RPi 4, with the latest updates from Channels.