diff --git a/Authentication-used-in-the-Subsonic-API.md b/Authentication-used-in-the-Subsonic-API.md index a4c226a..7158632 100644 --- a/Authentication-used-in-the-Subsonic-API.md +++ b/Authentication-used-in-the-Subsonic-API.md @@ -48,6 +48,6 @@ That out of the way, some tips: - Always use a separate, strong password for your Subsonic user account. If you can't remember so much strong passwords, use a password manager (like for example [KeePass](https://keepass.info/)) - Do not use your administrator account to access your Subsonic server from Ultrasonic. Create a separate account for music playback with restricted rights - Configure TLS with your server using a certificate signed by a CA, and use HTTPS to connect to your server -- The Subsonic ecosystem was designed not to be so security focused, because it's just a media server. Never store any sensitive data on your media server. Always create backups of your media files. +- The Subsonic ecosystem was probably designed not to be so security focused, because it's just a media server. Never store any sensitive data on your media server. Always create backups of your media files. - Allow your server to store the passwords in its database the most secure way possible. Its better to use Plain Password authentication on the Subsonic API with a properly configured TLS than to enable Token-based authentication and store your passwords insecurely in the database