After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 505586 - Audioscrobbler password saved in plain text (Minor security issue)
Audioscrobbler password saved in plain text (Minor security issue)
Status: RESOLVED DUPLICATE of bug 349132
Product: rhythmbox
Classification: Other
Component: Plugins (other)
0.11.x
Other All
: Normal minor
: ---
Assigned To: RhythmBox Maintainers
RhythmBox Maintainers
Depends on:
Blocks:
 
 
Reported: 2007-12-25 16:46 UTC by Jonas F. Jensen
Modified: 2007-12-26 09:05 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Jonas F. Jensen 2007-12-25 16:46:00 UTC
Please describe the problem:
The users password for last.fm is saved in plain text in gconf... I know the protocol and you only need an md5hash if the password login... So storing the actual password is an unnecessary security risk. 

Steps to reproduce:
1. Enter last.fm password to rhythmbox
2. Open gconf-editor and find /apps/rhythbox/audioscrobbler/password
3. The password is in plain text.


Actual results:


Expected results:
The password should have been an md5 sum.

Does this happen every time?
Yes.

Other information:
I suppose you are still using the old protocol there's a short introduction to it here:
http://gabistapler.de/blog/index.php?/archives/268-Play-last.fm-streams-without-the-player.html
I've documented the new last.fm 1.2 protocol here, if it's of any interest:
http://code.google.com/p/thelastripper/wiki/LastFM12UnofficialDocumentation
(Appendix A is a list of Last.fm URI's you might want to add personal, playlist and loved by default.)
Comment 1 Jonathan Matthew 2007-12-26 09:05:55 UTC
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.


*** This bug has been marked as a duplicate of 349132 ***