Add option to change password precision #1826

Open
tesshucom opened this issue Nov 4, 2022 · 0 comments · Fixed by #1916 or #1918
Labels: for : ported-from-airsonic (Known issue resolved after airsonic is closed); in: authentication (Issues in authentication.); type: enhancement (A general enhancement)

Comments

tesshucom (Owner) commented Nov 4, 2022

Login/Password considerations. Related airsonic/airsonic#69, airsonic/airsonic#1099, #1733

  • This will definitely be fixed. However, since it is not a fatal problem, the priority is not set high. There were some more important security issues.
  • It will be fixed by November 2023 at the latest. See Bump Tomcat && Jetty && Spring Boot #839.

It was assumed that this would be done during a major version update of Spring Boot, but it was not actually done.

  • It is still considered to be of some importance, but it is not the most important security issue.
    • It would be a good interest to fool beginners. However, there are actually many more important things than this. By the way, the author's first workplace was in the security management office of a listed company.
    • It is assumed that this will eventually be handled in the application layer, but the strongest protection is to protect it through the network.
      • We have increased the strength of the password, so it is secure. This is very easy to understand, but most of the password leaks that are often reported in the news are encrypted. Don't rely on the strength of your password and don't let it leak.
      • If you want to have tighter control over your songs, you can configure internal routing to allow only specific VPN users to use Jpsonic, using a combination of the IP address you use to log into your VPN and internal routing. There is no need to expose Jpsonic's port to the WAN. This is relatively easy.
    • The topic of being able to listen to and search for songs without any problems is a different topic than the topic of the security model of Web Apps. Naturally, the former is the top priority. No matter how strong the security you create, if you can't play music, it won't function as a media server.

So I'll do it someday, but I'm in no hurry. Of course, when creating a new app, you should avoid saving it in plain text... 🙄

tesshucom added the labels type: enhancement, in: authentication, and for : ported-from-airsonic on Nov 4, 2022
tesshucom added this to the jpsonic 111.x.x milestone Nov 4, 2022
tesshucom self-assigned this Nov 4, 2022
tesshucom changed the title "Added option to change password precision" to "Add option to change password precision" Nov 12, 2022
tesshucom mentioned this issue Feb 11, 2024