Is it possible to hide password in url from log?

Hi!

 

I'm fixing an old non-working channel plugin and I have an issue. This channel seems to use Login by GET instead of POST (I really don't know anything about HTTP so I have no idea what the difference is...) which seems to cause the password to be written in system.log. I.e. the password is part of the URL.

 

Is there a way to avoid this from being logged? I.e. the url is like

 

https://loginurl?request=%7B%22Email%22%3A%22myemail%40mail.se%22%2C%22Password%22%3A%22mypassword%22%3A%22%22%7D

 

br

JeppeTh

That really depends on what the website/service you’re logging into will accept. If you can log in via a POST request, then pass the username & password using either the values or data keyword args. They take a dict{} or URL-Encoded string, respectively.
Otherwise, it might be possible to pass the values as base64 encoded. They would still show up in the logs but would at least be obfuscated. That would still depend on the website/service accepting the arguments in that format.

Thx for your reply.


Post doesn’t work, I get method not allowed.


I can try the base64 method. How do I encode it like that the easiest way?


If you just want to test it in a browser, you can paste the text into an online encoder like the one at base64encode.org then copy the encoded string into your test URL. The plugin framework provides the String.Encode() method for use in plugin code.

Is the entire url supposed to be encoded like that, or only the query string parameters?


Because www.google.com is encoded into

http://d3d3Lmdvb2dsZS5jb20=

and that doesn’t work from my smartphone at least…


Should be just the query string params.

Ok - I tried to take this part
 

%7B%22Email%22%3A%22myemail%40mail.se%22%2C%22Password%22%3A%22mypassword%22%3A%22%22%7D
from
https://loginurl?request={"Email"%3A"myemail%40mail.se"%2C"Password"%3A"mypassword"%3A""}
And encoded it and then placed it after '?'
https://loginurl?
Also tried to only encode the data after '='
https://loginurl?request=
 
But unfortunately none of them worked out…

I can’t think of any other possible work-arounds.

Ok, thx for the help at least. Would be nice with a Plex option to avoid logging then.

Perhaps I can make some temp solution which copies the log before the request, then renames it back after the request. I.e. in that way overwrite the log with the password.


That's all not of much use: if it's not in the log, it's still very easy to track the password just by checking the HTTP requests made from the PMS machine.



Even if it's https? At least it should be as "simple" to track the password from the web interface of the channel I guess.

Is there any nice API etc to get the path to “…Logs\PMS Plugin Logs”?


Try:
Core.storage.join_path(Core.app_support_path, Core.config.log_files_dir)


Hmm - can't access such a class... Do I need to do something special? Can't import any Core or core either...

Ah, you'll need to use the "elevated" plugin code policy in your Info.plist file to access those.

<key>PlexPluginCodePolicy</key>
<string>Elevated</string>

Even if it's https? At least it should be as "simple" to track the password from the web interface of the channel I guess.

Yup, https doesn't matter, you can always check what requests are being made.

Ah, you'll need to use the "elevated" plugin code policy in your Info.plist file to access those.

<key>PlexPluginCodePolicy</key>
<string>Elevated</string>


Is this supposed to work also in ServiceInfo.plist? Since I want it in ServiceCode.pys - and adding this didn't help...

Yup, https doesn't matter, you can always check what requests are being made.

Easier to check from PMS than from Channel Homepage in Browser? Since I didn't manage to see the HTTPS request in wireshark from Browser - but perhaps there are other ways...

Is this supposed to work also in ServiceInfo.plist? Since I want it in ServiceCode.pys - and adding this didn't help...


I couldn't manage it in __init__.py either...


If you set the "Elevated" flag in the Info.plist, then you don't need to import anything in the __init__.py. "Core" and other protected framework methods should be available. For example, check out how I use it in the Unsupported Appstore code. I'm not sure if it's possible to access them in ServiceCode. By nature, Services are intended to run in an even smaller sandbox than plugin code. I'll see what I can find out.
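
Added example, not part of the original thread and not Plex framework code: a standalone Python 3 sketch that masks the password in a login URL of the shape shown in the first post before the URL reaches a log that your own code writes. The key names in `SENSITIVE` and the `RedactUrls` filter are assumptions; the fallback regex exists because the thread's sample `request=` value is not valid JSON. Unlike base64, which anyone reading the log can decode, masking removes the value from the log line, but the password is still visible to anything else that records the request URL.

```python
import json
import logging
import re
from urllib.parse import parse_qsl, quote, urlsplit, urlunsplit

SENSITIVE = ("password", "passwd", "pwd", "token")  # assumed key names
MASK = "REDACTED"
# Fallback for payloads that are not valid JSON, like the sample in the thread.
PAIR_RE = re.compile(r'("(?:%s)"\s*:\s*)"(?:[^"\\]|\\.)*"' % "|".join(SENSITIVE), re.I)
URL_RE = re.compile(r"https?://\S+")


def _mask_json(obj):
    """Mask sensitive keys at any depth of a decoded JSON value."""
    if isinstance(obj, dict):
        return {k: MASK if k.lower() in SENSITIVE else _mask_json(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [_mask_json(v) for v in obj]
    return obj


def _mask_value(key, value):
    if key.lower() in SENSITIVE:          # plain ?password=... parameter
        return MASK
    try:
        parsed = json.loads(value)        # parameter carrying a JSON document
    except ValueError:                    # malformed JSON: mask by pattern instead
        return PAIR_RE.sub(lambda m: m.group(1) + '"%s"' % MASK, value)
    if isinstance(parsed, (dict, list)):
        return json.dumps(_mask_json(parsed), separators=(",", ":"))
    return value


def redact_url(url):
    """Return url with credential values in its query string masked."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    query = "&".join("%s=%s" % (quote(k, safe=""), quote(_mask_value(k, v), safe=""))
                     for k, v in pairs)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))


class RedactUrls(logging.Filter):
    """Rewrite every URL in a log record before any handler writes it."""
    def filter(self, record):
        record.msg = URL_RE.sub(lambda m: redact_url(m.group(0)), record.getMessage())
        record.args = ()
        return True
```

Attach it with `logger.addFilter(RedactUrls())` on a logger you own; it cannot change what a framework writes to its own log file.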