One more thought: there ought to be a port 9443 that lets you interact with LMS over HTTPS. When I'm prompted for a login, Chrome displays a "basic auth" dialog box that tells me that my password will go over the network in the clear. Even if you don't think a password is necessary, we can all agree that passwords ought to be encrypted before they're sent across the network.
Technically your points are valid. I'm sure you could somehow protect LMS using a proxy. But as the players don't support https, there are limits in what you can protect - they need access to non-encrypted http on port 9000.
That said: if you fear that somebody who has access to your LAN would abuse this power to sniff your LMS password, then you got a bigger problem. Keep in mind that sniffing requires physical access to the network connection between your LMS machine and the client. Or the privilege to run the required tools on critical systems. Don't give anyone you don't trust this level of access to your network.
LMS' password protection really is just to prevent the accidental change. _______________________________________________ Squeezecenter mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/squeezecenter
