Closed GoogleCodeExporter closed 9 years ago
Thanks for the compliment! The password is stored in plain text and this was
an intentional decision. We should have made it more clear in the wiki, but
the password for DAAP is completely insecure. It is sent in plaintext using
http in the url and this is part of the DAAP protocol, which we can't change.
For this reason, we recommend not using a strong password. Even if the
password was secured, all the information streaming back and forth are also in
plaintext. Having the password appear in settings should be a reminder to not
use anything that is considered secure, which people may use with another, more
secure account like a bank account.
Original comment by michael.miceli88@gmail.com
on 21 Dec 2012 at 4:00
Original issue reported on code.google.com by
carlchro...@gmail.com
on 21 Dec 2012 at 12:17