moodeaudio.org > Moode Forum moOde audio player Support v
*HELP* Secure Moode Audio Player from other People

Thank you for your donation!


Cloudsmith graciously provides open-source package management and distribution for our project.


Thread Modes
*HELP* Secure Moode Audio Player from other People
PatiTati Offline
Junior Member
*
Posts: 19
Threads: 4
Joined: Oct 2020
Reputation: 0
#11
10-18-2020, 11:19 AM (This post was last modified: 10-18-2020, 11:28 AM by PatiTati. Edit Reason: post update )
(10-18-2020, 11:09 AM)CallMeMike Wrote:
(10-18-2020, 10:40 AM)PatiTati Wrote: ....................... snip .........................

*edit* I don't know if there is a market for it, but it would also be cool if there would be a commercial version of moode, in which functions to secure the audio player were integrated. A kind of kiosk mode for commercial projects.

      FREE FOR ALL software getting 'monetised'...?  A can almost see a few people getting up in arms Undecided

I understand the ulterior motive or the philosophy of the moode Audio project, but for such "special orders" it would only be fair if the developer got money for them. don't you see it that way?

*edit*: Of course, always assuming the developer wants to accept special orders.
Find
Reply
metapy Offline
Junior Member
*
Posts: 2
Threads: 0
Joined: Aug 2020
Reputation: 0
#12
10-19-2020, 09:12 AM
The password is not very secure in the first place. It would not withstand someone using wireshark as you mentioned already.
   
Code:
Note that the password option is not secure: passwords are sent in clear-text over the connection, and the client cannot verify the server’s identity.

It should just be music being played, would someone go through the trouble of changing it without permission? If someone connected and changed the music could you not just talk to them?

If Tim didn't want to add the feature you could always hire it out it is GPL 3 licensed. If the code was any good Tim might even add it to the mainline code base as well to make updates easier.
Find
Reply
PatiTati Offline
Junior Member
*
Posts: 19
Threads: 4
Joined: Oct 2020
Reputation: 0
#13
10-19-2020, 11:46 AM
(10-19-2020, 09:12 AM)metapy Wrote: The password is not very secure in the first place. It would not withstand someone using wireshark as you mentioned already.
   
Code:
Note that the password option is not secure: passwords are sent in clear-text over the connection, and the client cannot verify the server’s identity.

It should just be music being played, would someone go through the trouble of changing it without permission? If someone connected and changed the music could you not just talk to them?

If Tim didn't want to add the feature you could always hire it out it is GPL 3 licensed. If the code was any good Tim might even add it to the mainline code base as well to make updates easier.

For password input with basic_auth i use HTTPS and a self signed certificate. Port 80 was redirect to 443 over nginx and secure with my ssl certificate. For normale use its enough protection. User inputs like passwords over basic_auth are secured through HTTPS and can not capture in plain-text with wireshark. At now it works ok, iOS only sometimes wants my access data a second time. But thats okay.

Of course you are right with "it should just be music played", but i want prevent this situation with a password protected webgui. When the company is big there are always some jokers...

I think Tim would adapt the code if there were a lot of requests for it. But unfortunately there is not enough demand for this...
Find
Reply
Jempie Offline
Member
*
Posts: 159
Threads: 8
Joined: Dec 2018
Reputation: 0
#14
12-10-2020, 03:26 PM
it would be nice if you can give each menu in the setting a code, that way only
you can access and change fi the network settings.

thanks
Find
Reply


Forum Jump: