[Owncloud] Ampache on OC 6

Robin Appelman robin at icewind.nl
Sat Dec 14 17:36:44 UTC 2013


On Saturday 14 December 2013 17:20:22 Tornóci László wrote:
> On 12/14/2013 04:40 PM, Bernhard Posselt wrote:
> > That feature was part of the music application, the music application
> > was a security risk and had no maintainer, thats why it was dropped.
> > There is a new alpha release from a different maintainer on the appstore
> > which you can try. I dont think it features ampache integration.
> > 
> > Apart from that supporting the ampache API weakens your password
> > security (by a lot) and allows the use of rainbow tables to crack your
> > password. Just sayin.
> 
> That's something I thought of myself, too. Is there a difference here
> between services that OC provides? There are quite a few services
> (webdav file, address book, calendar sync, mozilla sync). Are these
> services any better from the security point than the ampache API? The
> more services we use on different gadgets the more the security risk,
> that is clear. But is there any difference between services? Just curious.
> 
> 					Yours: Laszlo

As far as I know ampache is an exception since ampache requires us to store 
the sha256 hash of the password, for things like cal/card/webdav we can choose 
our own password storage format (bcrypt)

 - Robin Appelman



More information about the Owncloud mailing list