You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Actually I'm not 100% sure whether this makes sense for multiple reasons. The current authentication of Subsonic (and thus Airsonic) is deeply flawed; you need to save your credentials in clear text anyways. MD5 is broken. Client-side web crypto is flawed.
The only thing really annoying is that you have your user password turn up in server side logs, but that's technically not so different to an md5 hash that you could force a collision for. In my eyes that doesn't have such a high priority right now. In the end what an attackers gains access to is some music. You should probably teach your users to not re-use their passwords though.
No description provided.
The text was updated successfully, but these errors were encountered: