by Barry4679 » Sat Sep 09, 2023 2:09 am
GusFit wrote: ↑Fri Sep 08, 2023 11:13 pm
I should clarify this is a third party developer. Any data related to the media library is fine, I'm more worried if MM stores personal data (like every service seems to do these days).
I have sent my MM db to various people, and have received the MM dbs from many people.
I don't think that there is anything to worry about, but as I presume that I am the Developer that you are concerned about, you should get the following verified.
AFAIK if you want to authorise MM to access your account at a "service" (eg. Dropbox), it works as follows:
- For each service that MM supports they have been issued a private key, which MM keeps secret
- You try to sign into your "service" from within MM
- They send their (MM) private key to the service, along with the account name that you have supplied
- The service opens a Browser window asking for your password and for permission to allow MM to access your account ... MM never sees your password to your account
- Once you have authenticated yourself and validated the access request, the service sends an access token to MM ... this token is specific to your account AND TO MM ... ie. can only be used for access if both the token and the MM private key are supplied
- MM stores only the token to the MM db
If you were still concerned, you could sign out of the services, in MM, before sharing your database. This will invalidate the tokens. You would be issued new tokens when you signed back into services using MM, ie. after sharing the database
NB. I don't personally use MM to scrobble to my LFM account. I don't know how MM secures access your LFM account. Presumably it is something similar?
GusFit wrote: ↑Fri Sep 08, 2023 11:13 pm
Appreciate the link to those tables.
Code: Select all
select * from devices where handlerID = 'cloud'
[quote=GusFit post_id=512905 time=1694232832 user_id=124045]
I should clarify this is a third party developer. Any data related to the media library is fine, I'm more worried if MM stores personal data (like every service seems to do these days).
[/quote]
I have sent my MM db to various people, and have received the MM dbs from many people.
I don't think that there is anything to worry about, but as I presume that I am the Developer that you are concerned about, you should get the following verified.
AFAIK if you want to authorise MM to access your account at a "service" (eg. Dropbox), it works as follows:
[list]
[*] For each service that MM supports they have been issued a private key, which MM keeps secret
[*]You try to sign into your "service" from within MM
[*] They send their (MM) private key to the service, along with the account name that you have supplied
[*] [b]The service[/b] opens a Browser window asking for your password and for permission to allow MM to access your account ... MM never sees your password to your account
[*] Once you have authenticated yourself and validated the access request, the service sends an access token to MM ... this token is specific to your account AND TO MM ... ie. can only be used for access if both the token and the MM private key are supplied
[*] MM stores only the token to the MM db
[/list]
If you were still concerned, you could sign out of the services, in MM, before sharing your database. This will invalidate the tokens. You would be issued new tokens when you signed back into services using MM, ie. after sharing the database
NB. I don't personally use MM to scrobble to my LFM account. I don't know how MM secures access your LFM account. Presumably it is something similar?
[quote=GusFit post_id=512905 time=1694232832 user_id=124045]
Appreciate the link to those tables.
[/quote]
[code]select * from devices where handlerID = 'cloud'[/code]
