Closed gdhgdhgdh closed 10 years ago
hechtus
commented
10 years ago This is definitely a problem that has to be solved. As a quick hack you may remove 'password' from line 105 in the file Settings.pm. This way the password is not shown anymore. But the password is still saved as plaintext in the SLIM preferences. It could be encrypted.
gdhgdhgdh
commented
10 years ago Ah that's great, thank you!
If I need to change any settings in the gmusic plugin, will pressing 'Apply' wipe out the saved password?
hechtus
commented
10 years ago No, it will not. The saved password will only be changed if you enter something into the password field.
gdhgdhgdh
commented
10 years ago Excellent - thank you :)
ukslim
commented
10 years ago Also consider enabling two-factor authentication for your Google account.
For the plugin, and other apps that don't have two factor auth, you'll have to get a single-use password: https://support.google.com/accounts/answer/185833?hl=en
The single use password is still sensitive, but at least it can't be used to hijack your account.
It would be cool if gmusicapi supported full two-factor, but not urgent.
On Wednesday, March 5, 2014, gdhgdhgdh notifications@github.com wrote:
Excellent - thank you :)
Reply to this email directly or view it on GitHubhttps://github.com/hechtus/squeezebox-googlemusic/issues/30#issuecomment-36722277 .
"There is no way to peace; peace is the way"
hechtus
commented
10 years ago @ukslim it seems that I will have to take a look at this two factor authentication. I already have some other requests to support this.
jonaz
commented
10 years ago Just started using the plugin. This feels quite urgent. After saving the password is should NOT be displayed in the google music settings page.
hechtus
commented
10 years ago OK. If it's really urgent you could remove password in Settings.pm from this place:
# To avoid showing the password remove it from the list
for my $param(qw(username password device_id disable_ssl my_music_album_sort_method all_access_enabled all_access_album_sort_method max_search_items max_artist_tracks max_related_artists)) {
$params->{'prefs'}->{$param} = $prefs->get($param);
}I will do so in the next release.
Hi,
At the moment the 'Password' field in the Google Music shows the account password in plaintext. I use my SqueezeServer as a shared resource for the house which means that the password for my own Google account is shown to anyone on the LAN who browses the SqueezeServer settings.
I trust my family so I'm not too worried. Even so, it would be great to not show the password.
Can the password field be made 'write only'? Perhaps replace the current text-box with the word '[stored]' and an option to change the stored password?
Thanks for a great plugin - it's excellent to see there's still life in the 'SlimServer' even after Logitech abandoned it....