Zomboided / service.vpn.manager

VPN plugin for Kodi
GNU General Public License v2.0

Sudo requirement is a major security flaw #289

Closed springjools closed 4 years ago

springjools commented 4 years ago

Addon requires the user associated with kodi to be a sudoer, which is not recommended. It also requires the caching of user's vpn credentials in an unsafe manner.

Would it be possible to find alternative methods for these issues? For example, entering the credentials from a file? Also, is it really necessary to kill the VPN process; maybe it could be restarted instead?

Unless your actual goal is to gather a vpn database with paid credentials?

Zomboided commented 4 years ago

Yeah, storing the userID and password in a plain text file, which is what openvpn requires, is unsafe. Putting those credentials in the xml for the Kodi settings is also unsafe. So even if I encrypt the settings and store them elsewhere, they need to get unencrypted and stored on disk for input to openvpn. Even if I accept that something is better than nothing, then the private certificates and keys used are also stored unencrypted for input to openvpn. This isn't going to get fixed.

The use of sudo (or admin on Windows, as it's the same issue there) isn't great, but the main use case is Kodi boxes like LibreELEC on which everything is insecure, so my motivation to spend time fixing this is close to zero. Sure, it can be used on a full Linux/Windows box where this is less than ideal, but on those boxes there are other options for managing VPN connections outside of Kodi.

If you think I'm gathering credentials then your options are:

  1. Don't use this free software
  2. Inspect the code which is available on github

springjools commented 4 years ago

I was thinking of mainly this:

Sure it can be used on a full Linux/Window box where this is less than ideal but on those boxes there are other options for managing vpn connections outside of Kodi.

I apologise if I missed this setting, but is sudo not required on a Linux box running Debian? I mean, does the kodi user not have to be a member of the sudoers group?

Zomboided commented 4 years ago

No, I mean that you can use the software provided by the VPN provider, or manage the VPN connection independently. If you want the add-on to do it, then it needs admin/sudo access.

On Mon, May 4, 2020 at 9:36 AM Jools notifications@github.com wrote:

I was thinking of mainly this:

Sure it can be used on a full Linux/Window box where this is less than ideal but on those boxes there are other options for managing vpn connections outside of Kodi.

I apologise if I missed this setting, but is sudo not required on a Linux box running Debian? I mean, does the kodi user not have to be a member of the sudoers group?
