Updated Authentication used in the Subsonic API (markdown)
parent
578135411e
commit
15b7ae90ea
|
@ -48,6 +48,6 @@ That out of the way, some tips:
|
|||
- Always use a separate, strong password for your Subsonic user account. If you can't remember so much strong passwords, use a password manager (like for example [KeePass](https://keepass.info/))
|
||||
- Do not use your administrator account to access your Subsonic server from Ultrasonic. Create a separate account for music playback with restricted rights
|
||||
- Configure TLS with your server using a certificate signed by a CA, and use HTTPS to connect to your server
|
||||
- The Subsonic ecosystem was designed not to be so security focused, because it's just a media server. Never store any sensitive data on your media server. Always create backups of your media files.
|
||||
- The Subsonic ecosystem was probably designed not to be so security focused, because it's just a media server. Never store any sensitive data on your media server. Always create backups of your media files.
|
||||
- Allow your server to store the passwords in its database the most secure way possible. Its better to use Plain Password authentication on the Subsonic API with a properly configured TLS than to enable Token-based authentication and store your passwords insecurely in the database
|
||||
|
||||
|
|
Loading…
Reference in New Issue