You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I feel like storing my password in plaintext is a bit insecure, therefore I would like to implement the following feauture:
This feauture will add a password-cmd field to the config file. The command given after the = sign will be executed by the operating system and stdout will be the password used by mopidy-spotify. This allows users to use pass, or gopass to store their passwords and not force them to use a keyring.
Before I implement this feauture (I have some time next week I think), I would like to know if this feauture will get merged with the main project.
The text was updated successfully, but these errors were encountered:
Personally, I believe that the important part is to use different passwords for different services (and then probably use a password manager to make that manageable). If you do that, storing a password that is only used for Spotify in plain text on your local disk isn't a threat I'd spend any time worrying about.
A password command solution would have to be something that could be used by all Mopidy extensions. I'm not going to merge a solution that is specific to Mopidy-Spotify.
Personally, I believe that the important part is to use different passwords for different services (and then probably use a password manager to make that manageable). If you do that, storing a password that is only used for Spotify in plain text on your local disk isn't a threat I'd spend any time worrying about.
A password command solution would have to be something that could be used by all Mopidy extensions. I'm not going to merge a solution that is specific to Mopidy-Spotify.
I really like this feature. I use pass just for configuration files and scripts. It is very helpful if other people have access to the computer. The lack of password-cmd support bothers me.
Now we've moved to using spotifyaudiosrc instead of libspotify, we technically only require username and password once in order to obtain a "reusable credentials" blob, which is then used thereafter for playback. Currently this blob file lives in Mopidy-Spotify's cache directory. This is arguably the wrong place for a sensitive file as by default it has insecure read-all permissions. We could add implement this feature to remove the username/password config settings and ensure more restrictive file permissions for the blob.
I feel like storing my password in plaintext is a bit insecure, therefore I would like to implement the following feauture:
This feauture will add a password-cmd field to the config file. The command given after the
=
sign will be executed by the operating system and stdout will be the password used by mopidy-spotify. This allows users to use pass, or gopass to store their passwords and not force them to use a keyring.Before I implement this feauture (I have some time next week I think), I would like to know if this feauture will get merged with the main project.
The text was updated successfully, but these errors were encountered: