Plain text passwords
-
Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.
I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.
-
@girish said in Plain text passwords:
Just a heads up, I noticed when reporting a bug upstream that passwords in navidrome are stored in plain text. The upstream issue - https://github.com/deluan/navidrome/issues/202 . This is done for maximum subsonic API capability.
I have updated the post install message of the app to mention this. The best recommendation for now is to use some random password, for good measure.
As one should always do!
Thanks for the info. -
Boy oh boy thats not good. I had high hopes for Navidrome
-
@atrilahiji I think the design was chosen as a compromise. Without mobile apps (which use subsonic API), navidrome will be much less useful. I think what's missing (atleast for me) is they could have put this in the README or something.
-
@girish Does that mean there is a similar caveat with ampache and all subsonic compatible software?
-
@ruihildt From the navidrome issue I linked, I saw that Ampache decided not to support all the various subsonic clients apparently and does not store passwords in plain text - https://github.com/SenorSmartyPants/ampache/blob/develop/rest/index.php#L76
-
This is now fixed in https://github.com/navidrome/navidrome/issues/202
