[mythtv-commits] Ticket #9555: Insecure password handling by mythfilldatabase
MythTV
noreply at mythtv.org
Sun Feb 6 20:29:40 UTC 2011
#9555: Insecure password handling by mythfilldatabase
-------------------------------------------------+------------------------
Reporter: Marc Randolph <mrand@…> | Owner: stuartm
Type: Bug Report | Status: new
Priority: minor | Milestone: unknown
Component: MythTV - Mythfilldatabase | Version: 0.24-fixes
Severity: medium | Keywords:
Ticket locked: 0 |
-------------------------------------------------+------------------------
1. It uses http (rather than https) in the wget command, so schedules
direct password is being transmitted in the clear across the internet
2. The schedules direct password is placed on the command line of the wget
command, which potentially allows any user that shares that system can see
the password in the clear
If these can't be fixed, perhaps a warning should be displayed on the
schedules direct setup screen that these behaviors will be occuring so
that the user can be forewarned.
Forwarding upstream from:
https://bugs.launchpad.net/ubuntu/+source/mythtv/+bug/672895
--
Ticket URL: <http://code.mythtv.org/trac/ticket/9555>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center
More information about the mythtv-commits
mailing list