Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Navidrome
  3. Plain text passwords

Plain text passwords

Scheduled Pinned Locked Moved Navidrome
7 Posts 4 Posters 1.5k Views 5 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • girishG Offline
    girishG Offline
    girish
    Staff
    wrote on last edited by girish
    #1

    Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.

    I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.

    necrevistonnezrN 1 Reply Last reply
    3
    • girishG girish

      Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.

      I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.

      necrevistonnezrN Offline
      necrevistonnezrN Offline
      necrevistonnezr
      wrote on last edited by
      #2

      @girish said in Plain text passwords:

      Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.

      I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.

      As one should always do!
      Thanks for the info.

      1 Reply Last reply
      1
      • ? Offline
        ? Offline
        A Former User
        wrote on last edited by
        #3

        Boy oh boy thats not good. I had high hopes for Navidrome 😞

        girishG 1 Reply Last reply
        0
        • ? A Former User

          Boy oh boy thats not good. I had high hopes for Navidrome 😞

          girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #4

          @atrilahiji I think the design was chosen as a compromise. Without mobile apps (which use subsonic API), navidrome will be much less useful. I think what's missing (atleast for me) is they could have put this in the README or something.

          ruihildtR 1 Reply Last reply
          2
          • girishG girish

            @atrilahiji I think the design was chosen as a compromise. Without mobile apps (which use subsonic API), navidrome will be much less useful. I think what's missing (atleast for me) is they could have put this in the README or something.

            ruihildtR Offline
            ruihildtR Offline
            ruihildt
            wrote on last edited by
            #5

            @girish Does that mean there is a similar caveat with ampache and all subsonic compatible software?

            girishG 1 Reply Last reply
            1
            • ruihildtR ruihildt

              @girish Does that mean there is a similar caveat with ampache and all subsonic compatible software?

              girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by
              #6

              @ruihildt From the navidrome issue I linked, I saw that Ampache decided not to support all the various subsonic clients apparently and does not store passwords in plain text - https://github.com/SenorSmartyPants/ampache/blob/develop/rest/index.php#L76

              1 Reply Last reply
              2
              • girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #7

                This is now fixed in https://github.com/navidrome/navidrome/issues/202

                1 Reply Last reply
                2
                Reply
                • Reply as topic
                Log in to reply
                • Oldest to Newest
                • Newest to Oldest
                • Most Votes


                • Login

                • Don't have an account? Register

                • Login or register to search.
                • First post
                  Last post
                0
                • Categories
                • Recent
                • Tags
                • Popular
                • Bookmarks
                • Search