Hehe guess we are the only ones alive in this forum from time to time.
Well I was not aware of this “feature” which is a security wise quite huge flaw.
I mean if the link was
/databases/item/1/RANDOMKEY.mp3
then ok. But the id is very very predictable. De facto such a DAAP server is open for anyone. Inacceptable when you use it from remote also.