Bugzilla – Bug 3260
Add password protection to the Squeezebox setup
Last modified: 2008-12-18 11:38:58 UTC
Right now, anybody with a remote and physical access to the player can change the setup. There have been several requests for password protecting the player setup, useful in public spaces. Here's how it might work: Under "View Settings:" there would be an item: "Setup Lock Code: Not set". Pressing RIGHT on this item would take you to a text entry screen where you could enter a 4 digit numerical lock code. Entering 4 digits and then pressing RIGHT would enable the code (with the message "Lock Code Set".) Then the text in the View Settings area would be "Setup Lock Code: ****" Then whenever entering the main setup menu you'd be prompted for the lock code, enter the 4 digits to get to the main setup page. You could press the LEFT arrow to exit and attempt to connect to the last server (as if you timed out at boot time). Also timeout on the "Enter setup lock code" screen after 10 seconds or so and connect. The "Enter setup lock code" screen would show asterisks as you type the 4 digits. Enter all 4 correctly and you are brought to setup. Enter 4 digits that don't match show a 2 second "Problem: Incorrect setup lock code", then you'd have to start over. Having a lock code set would disable the press-and-hold POWER to reboot. You'd need to do a physical power reset and hold down the ADD button to reset the settings, including the lock code.
Are you saying that the code will be required to switch between servers? Why is it necessary to disable the the press-and-hold POWER to reboot? What is being protected by this? You'll still need the lock code to enter the setup, and anyone with physical access to the device athat allows them to use the remote will likely also be able to cycle the power. A reset will clear the code as well as clearing all other settings, correct? You'll also want a means of removing the lock code from within the setup.
By default no lock code will be needed to change the firmware settings, but the user can enable it if they require. Once enabled the code would be required to change any of the firmware settings. A reset will clear the code and all the other settings.
Subject: Re: Add password protection to the Squeezebox setup > Are you saying that the code will be required to switch between > servers? Yes, and every other part of setup. > Why is it necessary to disable the the press-and-hold POWER to reboot? Because with the remote, a user could do a factory reset and wipe out the passcode and then adjust the settings. > What is > being protected by this? Network settings, including server choice, wireless and TCP configuration. This is intended for players in public locations that the owner doesn't want it to be messed with. > You'll still need the lock code to enter the setup, > and anyone with physical access to the device a that allows them to > use the > remote will likely also be able to cycle the power. Possibly, but they could also walk away with the player. We're distinguishing sending IR signals as what we're securing vs. physically touching the player. > A reset will clear the code as well as clearing all other settings, > correct? Yes. > You'll also want a means of removing the lock code from within the > setup. Good point. Richard: let's make "no password" be 0000. The screen can be: Enter a new lock code: (Use 0000 for no lock) 0000
*** Bug 1505 has been marked as a duplicate of this bug. ***
This bug is fixed in firmware 56. It is currently undergoing internal testing. You will be notified again when it is made part of a nightly release.
I apologize; I've been slow in adding this notification to some of the bugs. Please ignore it if you've already tried the new firmware. This bug fix is now available in the nightly Slimserver release. The release is available from: http://www.slimdevices.com/dev_nightly.html If you prefer to wait for the next official release, you will be notified when it occurs. You'll need to install the new version of Slimserver, and then force your Squeezebox to upgrade its firmware by holding down the 'Brightness' button on the remote control until the firmware upgrade process begins. If you are still experiencing this problem after upgrading your affected players to the new firmware, please reopen the bug.