Add a switch for password based authentication

thelinkin3000 / SonicLair

A minimal, mobile-ready, album-centered music client for subsonic compatible music servers.

https://soniclair.vercel.app

MIT License

46 stars 4 forks source link

Add a switch for password based authentication #2

Closed epoupon closed 2 years ago

epoupon commented 2 years ago

Hello, Thanks for your work. It would be great if you can support the password authentication ('p' parameter) scheme.

Using the hashed+salted scheme prevent the server from:

storing passwords hashed+salted
forwarding authentication requests (PAM, LDAP, etc.)

thelinkin3000 commented 2 years ago

Hi, thanks for trying the app!

I looked up your server and it's pretty interesting! I'm gonna add support for password based authentication. It's probable I'll add a message recommending the user not to use it unless it's absolutely necessary, sending passwords without hashing over insecure connections doesn't seem like a good idea.

Would you like me to add a reference to LMS such as "Use plaintext password for authentication. (Required by some servers such as LMS)"?

I'm gonna spin an instance up and get to it.

epoupon commented 2 years ago

Hi! Thanks for considering this. Don't bother mentioning lms :)

thelinkin3000 commented 2 years ago

I installed an instance of LMS and got it working with the PWA version!

@epoupon if you have an instance of LMS running using ssl, you're welcome to try the PWA version on vercel!