mopidy / mopidy-spotify

Mopidy extension for playing music from Spotify
https://mopidy.com/ext/spotify/
Apache License 2.0

Implement password-cmd to mopidy.conf to harden security #305

Closed gorrila20 closed 6 days ago

gorrila20 commented 3 years ago

I feel like storing my password in plaintext is a bit insecure, therefore I would like to implement the following feature:

This feature will add a password-cmd field to the config file. The command given after the = sign will be executed by the operating system and stdout will be the password used by mopidy-spotify. This allows users to use pass, or gopass to store their passwords and not force them to use a keyring.

Before I implement this feature (I have some time next week I think), I would like to know if this feature will get merged with the main project.

jodal commented 3 years ago

Personally, I believe that the important part is to use different passwords for different services (and then probably use a password manager to make that manageable). If you do that, storing a password that is only used for Spotify in plain text on your local disk isn't a threat I'd spend any time worrying about.

A password command solution would have to be something that could be used by all Mopidy extensions. I'm not going to merge a solution that is specific to Mopidy-Spotify.

PoisonFrog commented 3 years ago

> Personally, I believe that the important part is to use different passwords for different services (and then probably use a password manager to make that manageable). If you do that, storing a password that is only used for Spotify in plain text on your local disk isn't a threat I'd spend any time worrying about.
>
> A password command solution would have to be something that could be used by all Mopidy extensions. I'm not going to merge a solution that is specific to Mopidy-Spotify.

I really like this feature. I use pass just for configuration files and scripts. It is very helpful if other people have access to the computer. The lack of password-cmd support bothers me.

kingosticks commented 1 year ago

Now we've moved to using spotifyaudiosrc instead of libspotify, we technically only require username and password once in order to obtain a "reusable credentials" blob, which is then used thereafter for playback. Currently this blob file lives in Mopidy-Spotify's cache directory. This is arguably the wrong place for a sensitive file as by default it has insecure read-all permissions. We could implement this feature to remove the username/password config settings and ensure more restrictive file permissions for the blob.
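The "read-all" default comes from the process umask (typically 022), which turns a plain `open(path, "wb")` into a 0644 file. An added example of how a reusable-credentials blob could instead be written and checked with owner-only permissions (not Mopidy-Spotify's code; the function names, the `.cred-` temp prefix and the POSIX-only ownership check are assumptions): the blob is written to a 0600 temp file created by `tempfile.mkstemp` in a 0700 directory and then renamed over the target, so there is no window in which a world-readable copy exists, and an existing 0644 blob is replaced rather than reused. Reading refuses a file that is group- or world-accessible or owned by someone else.

```python
"""Owner-only storage for a sensitive credentials blob (added example, POSIX)."""
import os
import stat
import tempfile


def write_private_file(path: str, data: bytes) -> None:
    """Atomically write `data` to `path` with mode 0600 in a 0700 directory.

    mkstemp creates the temp file with 0600 regardless of umask; os.replace
    then swaps it in, so a previously world-readable file at `path` is replaced
    by the restricted one instead of being truncated and rewritten in place.
    """
    directory = os.path.dirname(os.path.abspath(path))
    os.makedirs(directory, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".cred-")  # assumed prefix
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)
    except BaseException:
        # Never leave a half-written secret behind on failure.
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


def is_private(path: str) -> bool:
    """True if `path` is a regular file, owned by us, with no group/other bits."""
    try:
        st = os.lstat(path)  # lstat: a symlink pointing elsewhere does not count
    except FileNotFoundError:
        return False
    return (
        stat.S_ISREG(st.st_mode)
        and (st.st_mode & 0o077) == 0
        and st.st_uid == os.getuid()
    )


def read_private_file(path: str) -> bytes:
    """Read the blob, refusing one that other local users could have read or altered."""
    if not is_private(path):
        raise PermissionError(f"{path} is missing, not a regular file, or not owner-only")
    with open(path, "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    # Constructed blob stands in for the real reusable-credentials data.
    target = os.path.join(tempfile.mkdtemp(), "credentials.json")
    write_private_file(target, b'{"username": "demo", "auth_data": "constructed"}')
    print(oct(os.stat(target).st_mode & 0o777), is_private(target))
```

Placing the blob under the extension's data or config directory rather than the cache directory would also keep it out of the way of cache-clearing tools; that choice is independent of the permission handling shown here.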

kingosticks commented 6 days ago

Closing this as user and pass are no longer required (and they don't work).