Updated Authentication used in the Subsonic API (markdown)

Nite 2021-09-16 08:25:40 +02:00
parent 578135411e
commit 15b7ae90ea
1 changed files with 1 additions and 1 deletions

@ -48,6 +48,6 @@ That out of the way, some tips:
- Always use a separate, strong password for your Subsonic user account. If you can't remember so much strong passwords, use a password manager (like for example [KeePass](https://keepass.info/)) - Always use a separate, strong password for your Subsonic user account. If you can't remember so much strong passwords, use a password manager (like for example [KeePass](https://keepass.info/))
- Do not use your administrator account to access your Subsonic server from Ultrasonic. Create a separate account for music playback with restricted rights - Do not use your administrator account to access your Subsonic server from Ultrasonic. Create a separate account for music playback with restricted rights
- Configure TLS with your server using a certificate signed by a CA, and use HTTPS to connect to your server - Configure TLS with your server using a certificate signed by a CA, and use HTTPS to connect to your server
- The Subsonic ecosystem was designed not to be so security focused, because it's just a media server. Never store any sensitive data on your media server. Always create backups of your media files. - The Subsonic ecosystem was probably designed not to be so security focused, because it's just a media server. Never store any sensitive data on your media server. Always create backups of your media files.
- Allow your server to store the passwords in its database the most secure way possible. Its better to use Plain Password authentication on the Subsonic API with a properly configured TLS than to enable Token-based authentication and store your passwords insecurely in the database - Allow your server to store the passwords in its database the most secure way possible. Its better to use Plain Password authentication on the Subsonic API with a properly configured TLS than to enable Token-based authentication and store your passwords insecurely in the database
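Review bot: In the changed bullet ("The Subsonic ecosystem was probably designed not to be so security focused"), adding "probably" makes the design claim a guess, yet the clause "because it's just a media server" still gives a reason as if it were established. Consider dropping the speculation about intent and stating the practical point directly, for example that the server should be treated as low-trust, followed by the two recommendations already in the line (no sensitive data on the server, keep backups of media files). Since this edit touches the list anyway, the unchanged context lines could be cleaned up in the same commit: "so much strong passwords" should read "so many strong passwords", and "Its better" should read "It's better". The last bullet also asserts that enabling Token-based authentication goes together with storing passwords insecurely in the database without saying why; one sentence explaining that link would let readers judge the trade-off against Plain Password authentication over TLS for themselves.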