EPG.NINJA by The Clairvoyants
- Thread starter psycon
- Start date
- Status
is secure login used properly when you use the new plugin?
as login in with a get request totally undermines https, it is sending your donation info in clear text, the only thing that's encrypted is the guide data.
all some malicious/authority user needs to do is sniff the net and look for the string.
Last edited:
hey dara 
it was a question. I not criticizing anything here, sorry if you got that idea.
I am old enough to decide if what I want to use, that is why I am asking. lol
it was a question. I not criticizing anything here, sorry if you got that idea.
I am old enough to decide if what I want to use, that is why I am asking. lol
d
did u move it the wrong way...?
also. make sure you "clear data" and restart kodi after making such changes.
Actually I didn't find it. Time zone in Appearance/International of Kodi does not exist. I tried switching back to default Confluence skin to no avail...help??
Kodi Wiki states:
Timezone country Select country location.
Note: For some OSes Kodi will take this information from the OS instead of having a setting.
Timezone Select your current timezone.
Note: For some OSes Kodi will take this information from the OS instead of having a setting.
So region depends on what is set on the Amazon Fire. But when I change it, time is wrong in Kodi and no such change can be done in Kodi....
I believe my time in the guide was correct before the DST that occured on Nov. 1st.
Last edited:
if someone is already on your network and can intercept your packets.. they have already pwned you.. ssl isnt going to stop them one bit.
i said NOT to change anything in kodi.. change it in your OS settings.. NOT IN KODI, ANYWHERE..
after you have changed it IN YOUR OS,, go into kodi>setings>tv and "Clear Data". then restart Kodi..
Nope i didnt move it. It seems like its trying to go backwards and pull old guide data and we are just tricking the time??? The only ones that show are the ones that the channel program is more than an hour old. That being said if I leave it running for an hour it will line up. But if I reboot than its back the same.I also did clear data
The guide time will be correct but the time will be off in Kodi. Is that not what you would want to do?
you misunderstand sorry. I am just looking for some facts.
I am asking:
does the new plugin negotiate over https or is it still sent as a http get request?
a get request such as hxxps://server/loginname/password is not a encrypted session its a shortcut to login if you do not have other means and the get request is sent as clear text, the username/password should be negotiated over https too or https is underminded by the get request (I am not bitching here, just talking tech). I also doubt anyone would be bothered to sniff anything but call me crazy I just like to know how things work.
It leads me to think https encrypted login is used in the new addon and the latter was/is used until the new plugin was/is finished.
I'll try ask dvbken.
and dara I really hope I dont come off as a wiseass, I endorse you guys work a lot and bringing this to the providers is a great idea
I dont bitch about things I do not like, I am way to old for that and I was not brought up that way..
don't like it don't use it, don't have anything good to say/add, shut up.
I am asking:
does the new plugin negotiate over https or is it still sent as a http get request?
a get request such as hxxps://server/loginname/password is not a encrypted session its a shortcut to login if you do not have other means and the get request is sent as clear text, the username/password should be negotiated over https too or https is underminded by the get request (I am not bitching here, just talking tech). I also doubt anyone would be bothered to sniff anything but call me crazy I just like to know how things work.
It leads me to think https encrypted login is used in the new addon and the latter was/is used until the new plugin was/is finished.
I'll try ask dvbken.
and dara I really hope I dont come off as a wiseass, I endorse you guys work a lot and bringing this to the providers is a great idea
I dont bitch about things I do not like, I am way to old for that and I was not brought up that way..
don't like it don't use it, don't have anything good to say/add, shut up.
Last edited:
I been a system admin for over 25 years.
plugging my laptop in the basement switch and sniffing my neighbors does not mean I own anything unless they use clear text to login somewhere..
i'm not going to discuss this anymore. no offense.. we are all friends right.
))edit: oh and thanks a lot, i'm not complaining, keep up the good work! as said your work is appreciated, don't think otherwise.
Last edited:
no offence taken.. you can admin be an admin for 25 years but you obviously don't know that once you are ablt to MiTM someone, stripping ssl and seeing everything wide open is trivial.. ... like i said.. if someone is already on your local network and sniffing, they can get whatever they want already.. and you likely have bigger problems than someone getting your NFPS account info....
so no.. using the donation in plaintext is not some gaping hole in security.. and using SSL is not any more secure than plaintext in the slightest way.. if your really worried about someone pulling an MiTM attack on you, its simple, use a VPN..
in simpler terms.. if someone can see you entering the epg.ninja url,, they can see what you post to the papaio site when you change your mac just the same.... you have already been pwned at that point....
moreover... if someone starts stealing other peoples accounts, what good will it do.. it will just get people banned from the server and accounts disabled... it serves no benefit for someone to try to steal your donation code... now can we move the thread back on to actual support questions..
so no.. using the donation in plaintext is not some gaping hole in security.. and using SSL is not any more secure than plaintext in the slightest way.. if your really worried about someone pulling an MiTM attack on you, its simple, use a VPN..
in simpler terms.. if someone can see you entering the epg.ninja url,, they can see what you post to the papaio site when you change your mac just the same.... you have already been pwned at that point....
moreover... if someone starts stealing other peoples accounts, what good will it do.. it will just get people banned from the server and accounts disabled... it serves no benefit for someone to try to steal your donation code... now can we move the thread back on to actual support questions..
Last edited:
if they are on your local net you are owned yes, that's why you have a hopefully have a router, using a public ip address on anything else is crazy.
I think we are talking past each other psycon.. lets leave it
I think we are talking past each other psycon.. lets leave it
Last edited:
The guide time will be correct but the time will be off in Kodi. Is that not what you would want to do?
sorry forgot a step... change timezone in your OS...
then turn off auto time and set your time manually..
its jsut a thought... would like some feedback if it works until something better can be added in the future.. if it doesnt work, use the version of stalker that coems with kodi and use NFPSF2 or F4
- Status