Opened 13 years ago
Closed 12 years ago
#9555 closed Bug Report (Fixed)
Insecure password handling by mythfilldatabase
Reported by: | Owned by: | beirdo | |
---|---|---|---|
Priority: | major | Milestone: | 0.25 |
Component: | MythTV - Mythfilldatabase | Version: | 0.24-fixes |
Severity: | medium | Keywords: | |
Cc: | Ticket locked: | no |
Description
- It uses http (rather than https) in the wget command, so schedules direct password is being transmitted in the clear across the internet
- The schedules direct password is placed on the command line of the wget command, which potentially allows any user that shares that system can see the password in the clear
If these can't be fixed, perhaps a warning should be displayed on the schedules direct setup screen that these behaviors will be occuring so that the user can be forewarned.
Forwarding upstream from: https://bugs.launchpad.net/ubuntu/+source/mythtv/+bug/672895
Change History (3)
Note: See
TracTickets for help on using
tickets.
The first part is due to how that connection works, and could require changing things with TMS. Don't count on it.
The second is now not an issue as we no longer use wget as of 8d4c63af57b51193fe72efed9cce781641a0becc on master. No further changes are expected for 0.24.