Store password hash

[tobiasBora]

Feature request

Thanks for this cool project. Sadly I find it crazy that a project as famous as mpd is insecure. TLS support was already requested (#297) but for extra security it feels wrong to write password in clear in configuration files. I'd love a method to specify passwords via there hash, using some secure password-specialized hashing method.

[MaxKellermann]

Nobody is really interested in TLS support or password hash support. Those two people who (you and the one who wrote the TLS feature request) do are not the ones writing any code. Therefore, MPD is still "insecure".

This is a matter of priorities. True, MPD doesn't follow best security practices. But does it need to? It's a music player. The worst an attacker can do is make you listen to pop music. You may say the attacker can also delete your playlists, yes, you're right, that was just a dumb joke about pop music being awful.

Storing cleartext passwords is, of course, not the best design. Your feature request is reasonable and would indeed be an improvement. But I feel that my own time would be better put into more useful features than this. You may have different priorities, and if password hashes make you happy, why don't you submit a PR?

[tobiasBora]

Ahah sorry I was maybe a bit tired and harsh in my first message. That being said:

Nobody is really interested in TLS support or password hash support. Those two people who (you and the one who wrote the TLS feature request) do …

I don't really agree about the "nobody": the TL issue has been upvoted by 21 people, making it the 3rd most wanted feature of this project. Similar features have also been asked, e.g. to have Websocket (also with TLS) support #1511 that is the 10th most wanted feature of the project, or to have REST API #1808. Also, people interested by this kind of feature (eg to have web clients) may simply not consider using MPD and will use other softwares, hence they might never contribute code later since they never got a chance to start using it, leading to splits of community. But sure it's your choice not to spend time on this, at least I'm happy to see you are not against it.

The worst an attacker can do is make you listen to pop music.

Well, if passwords transit in clear text, and if the password is used else where, e.g. email address, (yeah, people tend to reuse the same password), the attacker can corrupt their email address. And then really bad thing can happen, way worse than listening to pop music ^^' (note that the fix for this precise issue is TLS support, not password hash) Password hash is helpful if the configuration file is not properly configured and readable by other users (people tend to forget about properly securing everything), if they can access to the password, and, again, if this password is used elsewhere, bad things can happen.

But I feel that my own time would be better put into more useful features than this. You may have different priorities, and if password hashes make you happy, why don't you submit a PR?

Sure, I do understand. I may consider writing PR at some points, but for now I'm trying to send PR to another software, so one thing at a time ^^

[MaxKellermann]

Oh yes, nobody is really interested in TLS support. Upvoters don't count, that's effortless. Don't vote by clicking some icon on GitHub - follow your interests and vote with your time. That's all that counts for me.

Of course, those who may be disappointed by MPD's lack of features might not decide to improve MPD but use something else, but so what? You say they won't contribute to MPD later, sure, but I have no hope in people who have already decided against contributing from the beginning.

MPD had the most contributors ever when it was a unusable mess that barely worked. There was lots of low hanging fruit, lots of obvious bugs with obvious solutions. These were exciting times. But when I joined the project 18 years ago, I fixed all the bugs in a long streak, and contributions ran dry. MPD evolved into something that was reliable, something that was not annoying enough to justify time investment. (Of course there are still bugs, but they are exotic and hard to fix - too difficult for most people.)
It's somewhat frustating to see this weird kind of social dynamic: the better the software, the fewer contributors. MPD isn't alone - there were more projects where I have disintegrated developer interest by just fixing the software.

I've come to peace with this. It's okay. But it's just as okay to have many feature requests that I will never take action on. I decide what's worth my time (just like everybody else does). I'm doing my best to make MPD a perfect music player, but everybody has a different opinion about what feature set is necessary for perfection. I will merge useful features, even if I don't use them, but that requires others to put their time where their mouth/mouse is.

[devinhedge]

I'm really interested in TLS, secure coding, and sandboxed plugins. So I'm going to do something about it.