[vlc-devel] http intf: ensure the password is set

Rémi Denis-Courmont remi at remlab.net
Fri Apr 26 14:14:13 CEST 2013


On Fri, 26 Apr 2013 12:43:00 +0200, Jean-Baptiste Kempf <jb at videolan.org>
wrote:
> On 25 Apr, Francois Cartegnie wrote :
>> > From: Rémi Denis-Courmont <remi at remlab.net>
>> > Date: Mon, 22 Apr 2013 16:35:01 +0000 (+0300)
>> > Subject: http intf: ensure the password is set
>> > X-Git-Url:
>> >
http://git.videolan.org/?p=vlc.git;a=commitdiff_plain;h=51719d5a03afd84eb0ddc76eed393b196d15b0d0
>> > 
>> 
>> > +assert(password ~= "", "password not defined")
>> 
>> Lots of users complains to be expected...
> 
> Why not a dialog?

Yeah. Generate a secure random password and then: "The HTTP interface may
contain nuts, fry your cat and harm your children. It will be protected by
password XXXXXXXX. Do you really wish to enable the HTTP interface? [Abort
abort abort] [Yes, I am insane]"


At least then the password won't be asdfg. Unfortunately, this fails to
protect against MITM on the local network.

-- 
Rémi Denis-Courmont
Sent from my collocated server



More information about the vlc-devel mailing list