#9555: Insecure password handling by mythfilldatabase
-------------------------------------------------+------------------------
Reporter: Marc Randolph <mrand@…> | Owner: stuartm
Type: Bug Report | Status: new
Priority: minor | Milestone: unknown
Component: MythTV - Mythfilldatabase | Version: 0.24-fixes
Severity: medium | Keywords:
Ticket locked: 0 |
-------------------------------------------------+------------------------
1. It uses http (rather than https) in the wget command, so schedules
direct password is being transmitted in the clear across the internet
2. The schedules direct password is placed on the command line of the wget
command, which potentially allows any user that shares that system can see
the password in the clear
If these can't be fixed, perhaps a warning should be displayed on the
schedules direct setup screen that these behaviors will be occuring so
that the user can be forewarned.
Forwarding upstream from:
https://bugs.launchpad.net/ubuntu/+source/mythtv/+bug/672895
--
Ticket URL: <http://code.mythtv.org/trac/ticket/9555>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center