Winamp Online Services Security
Winamp Online Services is a powerful new way for web developers to create engaging content for millions of Winamp users. However, with great power comes great responsibility. Since online services have access to more information from the Winamp client than an ordinary web page, it is very important that we provide some mechanism to provide security for the users.
There are certain activities that online services can perform that are not considered a security risk, for example, examining the current position of a song being played. However, for others a security dialog will be presented whenever a service tries to perform the action for the first time.
Winamp has reviewed certain Online Services and pre-authorized them. Pre-authorized services will not have security dialogs presented during use of that service. Here is a list of pre-authorized services:
- SHOUTcast Radio
- SHOUTcast TV
- AOL Radio (USA-only)
- Song of the Day
- OurStage Radio
Security Dialog Prompts
Security prompts contain a description of the action being attempted, Allow and Deny buttons, and a checkbox:
Replies, either Allow or Deny, to security prompts are saved for each online service.
- Allow: Allows the online service to perform the action. It will also automatically ALLOW other related actions. The list below will identify which actions are related.
- Deny: Does NOT allow the online service to perform the action. It will also automatically DENY other related actions.
- Apply to all requests from this service: When this checkbox is selected, the choice (Allow or Deny) will be used as the response to all subsequent security prompts for this service. This is a quick way to indicate that a particular online service should be allowed or denied (depending on the button pressed) to perform all actions.
Security Prompt Messages
- This service is trying to control playback: The online service is attempting to Play, Stop, Pause, Jump to the previous track, or Jump to the next track.
- This service is trying to monitor playback events: The online service is requesting to be notified when playback events occur. The possible events are Play, Pause, Stop, End of File. Note these events will occur whether initiated from scripts or from the user clicking on the buttons themselves. Some events carry additional information:
- Play provides the filename/URL of the asset being played.
- Stop provides the current position where playback was halted. End of File indicates that the end of the asset has been reached.
- Pause provides a flag indicating whether the player was paused or unpaused.
- End of File happens at the end of an asset before the next one is played.
- This service is trying to get information about the currently playing song: The online service is requesting "Metadata" information from the current asset. "Metadata" is additional information that MAY be part of the asset, such as author or title, that is not actually part of the song itself. The existence of metadata depends on the format of the data and whether it was added when the asset was digitized.
- This service is trying to access your active playlist: The online service is trying to alter the Play Queue. It may be trying to play a single asset, add assets to the queue or clear the queue.
- This service is trying to get information about an item in your Play Queue: The service is trying to gather information about an asset within the play queue.
- This service is trying to access the playlists in your media library: The online service is trying to obtain a list of all Winamp playlists known to your Winamp client. It may also be trying to open a playlist to manipulate the assets within or it may be trying to save a modified playlist.
- This service is trying to access your bookmarks: The online service is trying to create a bookmark in your Media Library Bookmarks.
- This service is trying to subscribe you to a podcast: The online service is trying to subscribe to a podcast and add an entry in your Media Library Podcasts.
- This service is trying to provide metadata to Winamp: The online service is trying to add metadata for an asset. This might be useful if the online service can provide better metadata than comes as part of the asset itself.
- This service is trying to access information about media supported by Winamp: The service is trying to determine if the Winamp client supports a certain encoding formation, for example "mp3".
- This service is trying to access information about media on your computer: The online service is attempting to get metadata from an asset.
- This service is trying to access your playback history: The Winamp History is a collection of information about the assets you play, how many times they were played and when was the last time they were played. It is used to determine what the users favorite songs are.
- This service is trying to launch a website in the browser: The online service is trying to launch a new web site in the browser. The browser may be internal to Winamp, which means it could be an online service or it could be launched in an external browser where it does not benefit from the online services api calls.
- This service is trying to access information about Winamp: The online service is trying to gather information regarding the version of Winamp or the language pack that is being used by Winamp.
- This service is trying to access your skin settings: The online service is trying to obtain information regarding the current skin used by the Winamp client. This could be used to synchronize the colors of the service with that of the Winamp player.