Home of the Squeezebox™ & Transporter® network music players.
Results 1 to 6 of 6
  1. #1
    Junior Member
    Join Date
    Jul 2018
    Posts
    22

    piCorePlayer exposing WiFI password

    Hi,

    happily running version 5.0.0 of the piCorePlayer. I noticed that under About -> Current configuration[ INFO ] /usr/local/etc/pcp/pcp.cfg, the password of the wifi network is being shown. I feel this is quite insecure:
    a) because the connections to the GUI is via http and not https (i can't find a setting to let it default to https)
    b) anyone connecting on the same wifi WLAN will see the password ... you could argue that someone that is on the WLAN would have already acquired the password somehow but still, this is not appropriate in my view.

    Is there a way of:
    a) defaulting the GUI to https?
    b) masking the password in the GUI?
    c) connecting to the GUI only via login/password?

    I know that if I connect a screen and keyboard to the RPi I can turn the GUI off, but its very inconvenient to have to do so an then turn it back on when you need to make some changes to settings (this is what I'm doing at the moment, which is quite tedious ...)

    Any suggestions on how I can improve this and make things more secure without having to turn the GUI on/off all the time?

    Thanks

  2. #2
    Senior Member paul-'s Avatar
    Join Date
    Jan 2013
    Posts
    3,088
    You can edit the file /etc/https.conf. And enable a password on the interface.

    The busy box web server cannot do https.

    Edit:The WiFi password is not saved in /usr/local/etc/pcp.cfg. Are you sure you are running 5.0.0
    Last edited by paul-; 2020-01-05 at 13:56.
    piCorePlayer a small player for the Raspberry Pi in RAM.
    Homepage: https://www.picoreplayer.org

    Please donate if you like the piCorePlayer

  3. #3
    Junior Member
    Join Date
    Jul 2018
    Posts
    22
    Quote Originally Posted by paul- View Post
    You can edit the file /etc/https.conf. And enable a password on the interface.

    The busy box web server cannot do https.

    Edit:The WiFi password is not saved in /usr/local/etc/pcp.cfg. Are you sure you are running 5.0.0
    Cheers Paul.

    Yes, it is 5.0.0.

    #piCorePlayer version
    PCPVERS="piCorePlayer 5.0.0"

    EDIT: Apologies, its listed under the "Wifi" page under "/usr/local/etc/pcp/wpa_supplicant.conf maintained by user"
    Last edited by squeezetux; 2020-01-05 at 14:00.

  4. #4
    Junior Member
    Join Date
    Jul 2018
    Posts
    22
    Quote Originally Posted by squeezetux View Post
    Cheers Paul.

    Yes, it is 5.0.0.

    #piCorePlayer version
    PCPVERS="piCorePlayer 5.0.0"

    EDIT: Apologies, its listed under the "Wifi" page under "/usr/local/etc/pcp/wpa_supplicant.conf maintained by user"
    EDIT2:

    When I ssh and change the /etc/httpd.conf file from:

    Code:
    # Maintained by piCorePlayer
    H:/home/tc/www
    #/cgi-bin:admin:admin
    to the following:

    Code:
    # Maintained by piCorePlayer
    H:/home/tc/www
    /cgi-bin:admin:admin
    and then reboot, I end up losing the edits I make. Once rebooting, it just defaults to the GUI without the password. I have similar problems when I try to change the passwd. It seems to default back to the default passwd.

  5. #5
    Senior Member paul-'s Avatar
    Join Date
    Jan 2013
    Posts
    3,088
    You have to backup after edits
    piCorePlayer a small player for the Raspberry Pi in RAM.
    Homepage: https://www.picoreplayer.org

    Please donate if you like the piCorePlayer

  6. #6
    Senior Member
    Join Date
    Apr 2005
    Location
    UK/London
    Posts
    2,482
    Try this to replace the plaintext in wpa_supplicant.conf

    https://www.linuxquestions.org/quest...xt-4175549702/

    Note - if it does not work for you then your Pi will not connect to WiFi ... so have your recovery mechanism ready.
    Paul Webster
    http://dabdig.blogspot.com
    Author of "Now Playing" plugins covering Radio France (FIP etc), KCRW, Supla Finland, ABC Australia, CBC/Radio-Canada and RTE Ireland

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •