[mythtv-commits] Ticket #9555: Insecure password handling by mythfilldatabase

MythTV noreply at mythtv.org
Sun Feb 6 20:29:40 UTC 2011

#9555: Insecure password handling by mythfilldatabase
     Reporter:  Marc Randolph <mrand@…>          |      Owner:  stuartm
         Type:  Bug Report                       |     Status:  new
     Priority:  minor                            |  Milestone:  unknown
    Component:  MythTV - Mythfilldatabase        |    Version:  0.24-fixes
     Severity:  medium                           |   Keywords:
Ticket locked:  0                                |
 1. It uses http (rather than https) in the wget command, so schedules
 direct password is being transmitted in the clear across the internet

 2. The schedules direct password is placed on the command line of the wget
 command, which potentially allows any user that shares that system can see
 the password in the clear

 If these can't be fixed, perhaps a warning should be displayed on the
 schedules direct setup screen that these behaviors will be occuring so
 that the user can be forewarned.

 Forwarding upstream from:

Ticket URL: <http://code.mythtv.org/trac/ticket/9555>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center

More information about the mythtv-commits mailing list