Plain text passwords

girish

Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.

I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.

necrevistonnezr

@girish said in Plain text passwords:

Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.

I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.

As one should always do!
Thanks for the info.

A Former User

Boy oh boy thats not good. I had high hopes for Navidrome

girish

@atrilahiji I think the design was chosen as a compromise. Without mobile apps (which use subsonic API), navidrome will be much less useful. I think what's missing (atleast for me) is they could have put this in the README or something.

ruihildt

@girish Does that mean there is a similar caveat with ampache and all subsonic compatible software?

girish

@ruihildt From the navidrome issue I linked, I saw that Ampache decided not to support all the various subsonic clients apparently and does not store passwords in plain text - https://github.com/SenorSmartyPants/ampache/blob/develop/rest/index.php#L76

girish

This is now fixed in https://github.com/navidrome/navidrome/issues/202