Reverted because Kodi 1) shouldn’t do this in modern versions, 2) if it does, this should be fixed, 3) I doubt OP would have read this before uploading a log. There is also a warning on paste.osmc.io that confidential data should be redacted, but I doubt that was read.
Paths reveal protocols and potential issues in libs (libnfs, libsmb) or streaming issues. It’s an important part of diagnosing a problem.
As mentioned before, there was a regression where passwords could leak. It should be fixed in a fairly recent version, but we’d need a log (dare I ask for one) to see what version you are on. If the passwords are in the log, then you should report this to Kodi, not us.
However if you are using a password that you use for other services, then you’re not doing security correctly. I really don’t understand users that get high and mighty when they haven’t followed basic security principles. I’ll also assume you didn’t put your passwords in passwords.xml but instead added them to sources.xml.
You want instructions in the Wiki to copy and paste a text file?
Which is not relevant to your post. That post concerns the storage of passwords in XML files, not in logs.
No, but the name and place of the file. Also not me, because i know know where to look, but anyone else who wants to go the manual way…
Not relevant? I was told to file a bug and that is the exact description. My initial concern goes a step further, as the file was read by a program and uploaded together with the logs to some server. But that isnt a Kodi bug.
That the logs too contain the credentials is another concern of course.
Who said i am using it for other services?
May I quote from the kodi bug because i couldnt write it down better:
XBMC really isn’t an application that needs to be locked down, nor is it likely to contain sensitive information, but passwords themselves are sensitive information. NAS drives often hold more than just movie files. A password for a google service via an add-on could give access to know knows what.
It is my cloud storage password. If it is breached, all my private files are compromised, no matter via webdav or web gui or any other API. Thats why I am keeping it now out of KODI.
It’s just not worth the effort to me. Also I need to access the server from the internet as well, rarely but more than from Kodi.
Actually its about both. First the password gets stored in plain text file and then the file is not secured.
I was told to report the first part as a bug, but its still a duplicate isnt it?
This – I really don’t get. It’s 30-40 seconds to set up passwords.xml, and surely far longer to remove the source from Kodi and set up an external (presumably fstab based) mount.
No you dont understand. I am not going to waste more time on this, if I do not really need it as I said. I’m done with it. If I want to browse my cloud I use something else.
And then who knows what program/addon in ther future maybe reads that file out and uploads it anywhere else with me not knowing it. I learnt that Kodi is just no place for my important login credentials.
I appreciate your advice though. (and of course all the work you put into OSMC in general!)