Mixxx

don't store plain text passwords in mixxx.cfg

Bug #1642765 reported by Daniel Schürmann on 2016-11-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mixxx	Fix Released	Wishlist	Stéphane L.	Mixxx 2.3.0

Bug Description

What will be the best encryption method, that works with open source software?

Revision history for this message

Daniel Schürmann (daschuer) wrote on 2016-11-18:

Encrypting the password with a key stored in code, is anti-pattern since it pretends security.

One option is to store the password in an extra file which can be secured by the OSs access levels.

The best option would be to use the OSs Password store facilities.

This projects provides a promising platform-independent wrapper for Qt:
https://github.com/frankosterfeld/qtkeychain

Revision history for this message

Daniel Schürmann (daschuer) wrote on 2016-11-18:

http://packages.ubuntu.com/source/xenial/qtkeychain

Changed in mixxx:
importance:	Undecided → Wishlist

Revision history for this message

Daniel Schürmann (daschuer) wrote on 2018-03-17:

This feature is currently disabled.
Should we enable it for 2.1 or is it too risky in this late state?

Changed in mixxx:
status:	New → Confirmed
assignee:	nobody → Joan (jmigual)
status:	Confirmed → In Progress
milestone:	none → 2.1.0

Daniel Schürmann (daschuer) on 2018-03-17

Changed in mixxx:
assignee:	Joan (jmigual) → Stéphane L. (palakis)

Revision history for this message

Stéphane L. (palakis) wrote on 2018-03-17:

QtKeychain supports the three OSes supported officially by Mixxx, so it should work out of the box.
However:
- We need to conduct tests on the three main platforms to make sure it works and isn't confusing to use
- It should be best to have a settings options to turn this on/off, with the option disabled by default in the beginning.

Be (be.ing) on 2018-03-19

Changed in mixxx:
milestone:	2.1.0 → 2.2.0

Revision history for this message

RJ Skerry-Ryan (rryan) wrote on 2018-09-19:

I think this is going in 2.3, right?

Changed in mixxx:
milestone:	2.2.0 → 2.3.0

Revision history for this message

Daniel Schürmann (daschuer) wrote on 2018-09-19:

Right.

Revision history for this message

RJ Skerry-Ryan (rryan) wrote on 2019-01-12:

Is there anything left to do for this?

Revision history for this message

Daniel Schürmann (daschuer) wrote on 2019-01-12:

Yes, we need "just" enable it for our binary distributions. It is not enabled in our nighty PPA at least.

Revision history for this message

Be (be.ing) wrote on 2019-09-14:

This is marked In Progress but there is no link to a pull request implementing this. What is the state of this?

Revision history for this message

Daniel Schürmann (daschuer) wrote on 2019-09-14:

#10

The code is already part of 2.1.0. We need to verify that it is enabled in all our binary distributions.

Revision history for this message

Daniel Schürmann (daschuer) wrote on 2020-06-10:

#11

https://github.com/mixxxdj/mixxx/pull/2854

Be (be.ing) on 2020-11-17

Changed in mixxx:
status:	In Progress → Fix Committed

Daniel Schürmann (daschuer) on 2021-06-29

Changed in mixxx:
status:	Fix Committed → Fix Released

Revision history for this message

Swiftb0y (swiftb0y) wrote on 2022-10-08:

#12

Mixxx now uses GitHub for bug tracking. This bug has been migrated to:
https://github.com/mixxxdj/mixxx/issues/8694

lock status:

Metadata changes locked and limited to project staff

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

auto-github-mixxxdj-mixxx #8694 Edit

Bug watches keep track of this bug in other bug trackers.