Funkwhale
/
ultrasonic-app-subsonic-android
mirror of https://github.com/ultrasonic/ultrasonic
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated Authentication used in the Subsonic API (markdown)

Nite 2021-09-16 08:25:40 +02:00
parent 578135411e
commit 15b7ae90ea
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Authentication-used-in-the-Subsonic-API.md

@ -48,6 +48,6 @@ That out of the way, some tips:
- Always use a separate, strong password for your Subsonic user account. If you can't remember so much strong passwords, use a password manager (like for example [KeePass](https://keepass.info/))
- Do not use your administrator account to access your Subsonic server from Ultrasonic. Create a separate account for music playback with restricted rights
- Configure TLS with your server using a certificate signed by a CA, and use HTTPS to connect to your server
- The Subsonic ecosystem was designed not to be so security focused, because it's just a media server. Never store any sensitive data on your media server. Always create backups of your media files.
- The Subsonic ecosystem was probably designed not to be so security focused, because it's just a media server. Never store any sensitive data on your media server. Always create backups of your media files.
- Allow your server to store the passwords in its database the most secure way possible. Its better to use Plain Password authentication on the Subsonic API with a properly configured TLS than to enable Token-based authentication and store your passwords insecurely in the database