mopidy-spotify

Implement password-cmd to mopidy.conf to harden security

Open gorrila20 opened this issue 4 years ago • 3 comments

I feel like storing my password in plaintext is a bit insecure, therefore I would like to implement the following feature:

This feature will add a password-cmd field to the config file. The command given after the = sign will be executed by the operating system and stdout will be the password used by mopidy-spotify. This allows users to use pass or gopass to store their passwords and not force them to use a keyring.

Before I implement this feature (I have some time next week I think), I would like to know if this feature will get merged with the main project.

gorrila20, Feb 28 '21 09:02

Personally, I believe that the important part is to use different passwords for different services (and then probably use a password manager to make that manageable). If you do that, storing a password that is only used for Spotify in plain text on your local disk isn't a threat I'd spend any time worrying about.

A password command solution would have to be something that could be used by all Mopidy extensions. I'm not going to merge a solution that is specific to Mopidy-Spotify.

jodal, Mar 01 '21 13:03

> Personally, I believe that the important part is to use different passwords for different services (and then probably use a password manager to make that manageable). If you do that, storing a password that is only used for Spotify in plain text on your local disk isn't a threat I'd spend any time worrying about.
>
> A password command solution would have to be something that could be used by all Mopidy extensions. I'm not going to merge a solution that is specific to Mopidy-Spotify.

I really like this feature. I use pass just for configuration files and scripts. It is very helpful if other people have access to the computer. The lack of password-cmd support bothers me.

PoisonFrog, Jul 27 '21 13:07

Now we've moved to using spotifyaudiosrc instead of libspotify, we technically only require username and password once in order to obtain a "reusable credentials" blob, which is then used thereafter for playback. Currently this blob file lives in Mopidy-Spotify's cache directory. This is arguably the wrong place for a sensitive file, as by default it has insecure read-all permissions. We could implement this feature to remove the username/password config settings and ensure more restrictive file permissions for the blob.

kingosticks, Mar 27 '23 15:03
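
The two hardening ideas raised in this thread, as an added example that is not code from Mopidy or Mopidy-Spotify: reading a secret from the stdout of a `password-cmd`-style command, and writing a credentials blob with owner-only permissions. The function names are hypothetical, `password-cmd` is the option proposed in the issue rather than an existing setting, and POSIX file modes are assumed.

```python
import os
import shlex
import stat
import subprocess
import tempfile


def password_from_cmd(cmd, timeout=10):
    """Run cmd without a shell and return the first line of stdout as the secret."""
    argv = shlex.split(cmd)
    if not argv:
        raise ValueError("password-cmd is empty")
    # No shell: the config value is split into argv and never shell-interpreted.
    proc = subprocess.run(argv, stdin=subprocess.DEVNULL, capture_output=True,
                          text=True, timeout=timeout)
    if proc.returncode != 0:
        # Do not echo stdout/stderr in the error: either may hold secret material.
        raise RuntimeError(f"password-cmd exited with status {proc.returncode}")
    lines = proc.stdout.splitlines()
    if not lines or not lines[0]:
        raise RuntimeError("password-cmd produced no output")
    return lines[0]  # pass and gopass print the password on the first line


def write_private(path, data):
    """Write data so the file is owner-only (0600) from the moment it exists."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates the file as 0600
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        # Atomic rename; also replaces an older, world-readable copy of the file.
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def is_private(path):
    """True if neither group nor others have any permission bits on path."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
```

Writing to a temporary file and renaming it avoids the window in which a file created with default permissions is readable before a later `chmod` tightens it.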