Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Plain text passwords

    Navidrome
    4
    7
    97
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • girish
      girish Staff last edited by girish

      Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.

      I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.

      necrevistonnezr 1 Reply Last reply Reply Quote 4
      • necrevistonnezr
        necrevistonnezr @girish last edited by

        @girish said in Plain text passwords:

        Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.

        I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.

        As one should always do!
        Thanks for the info.

        1 Reply Last reply Reply Quote 1
        • atridad
          atridad App Dev last edited by

          Boy oh boy thats not good. I had high hopes for Navidrome 😞

          https://atridad.dev/
          https://lahijiapps.dev/
          "I exist only as a vessel for hatred and pasta."

          girish 1 Reply Last reply Reply Quote 1
          • girish
            girish Staff @atridad last edited by

            @atrilahiji I think the design was chosen as a compromise. Without mobile apps (which use subsonic API), navidrome will be much less useful. I think what's missing (atleast for me) is they could have put this in the README or something.

            ruihildt 1 Reply Last reply Reply Quote 4
            • ruihildt
              ruihildt @girish last edited by

              @girish Does that mean there is a similar caveat with ampache and all subsonic compatible software?

              girish 1 Reply Last reply Reply Quote 1
              • girish
                girish Staff @ruihildt last edited by

                @ruihildt From the navidrome issue I linked, I saw that Ampache decided not to support all the various subsonic clients apparently and does not store passwords in plain text - https://github.com/SenorSmartyPants/ampache/blob/develop/rest/index.php#L76

                1 Reply Last reply Reply Quote 2
                • girish
                  girish Staff last edited by

                  This is now fixed in https://github.com/navidrome/navidrome/issues/202

                  1 Reply Last reply Reply Quote 2
                  • First post
                    Last post