I’m cleaning up a system right now and I noticed piaware.adept.conf. piaware.adept.conf contains the FlightAware username and password in plain text. That’s not best practice. This might be an out-of-date configuration, so this may already be corrected. If not, I would suggest updating the security practices with passwords.
This is the copy used by piaware-mutability (vanilla piaware has it in /root somewhere).
The piaware-mutability copy is readable only by the piaware user that runs the piaware process (and root, obviously); the vanilla piaware version is readable only by root since piaware itself runs as root.
The adept protocol (if you’re logging in with a username) requires the password, not a hash of it, so any further protection would just be security through obscurity - if piaware can go from what is on disk to the full password, so can anything else. The protocol is TLS-protected so the password doesn’t go over the network in plaintext.
You may be better off skipping the username bit altogether and letting piaware authenticate by MAC. It’d be nice to support some sort of proper API-token-based authentication eventually, but currently the MAC address fills that role; it’s not particularly secure, but at worst someone can feed data as if it was from your site; they don’t gain any additional access.
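The protection described in the reply above rests entirely on file ownership and mode, so that is the thing to verify on a cleaned-up system. The following is an added example, not part of the thread or of piaware: a small audit function that checks a credential file is a regular file, is owned by the expected account, and cannot be read or rewritten by group or others. The function name, the temporary file standing in for piaware.adept.conf, and its contents are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_secret_file(path, expected_uid):
    """Return a list of findings for a file holding a plaintext credential.

    An empty list means the file is owned by the expected account and is
    neither readable nor writable by group or others.
    """
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"{path}: mode {mode:04o} lets group/others read the password")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: mode {mode:04o} lets group/others rewrite the file")
    # A directory writable by others lets them replace the file wholesale.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_mode & stat.S_IWOTH and not pst.st_mode & stat.S_ISVTX:
        findings.append(f"{parent}: world-writable directory without sticky bit")
    return findings


def demo():
    """Constructed sample: a temp file standing in for piaware.adept.conf."""
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "piaware.adept.conf")
        with open(conf, "w") as f:
            f.write("constructed sample contents\n")
        os.chmod(conf, 0o644)  # loose: readable by group and others
        loose = audit_secret_file(conf, os.getuid())
        os.chmod(conf, 0o600)  # tight: owner only
        tight = audit_secret_file(conf, os.getuid())
        return loose, tight


if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result or "ok")
```

On a real system, pass the actual path of the file and the uid of the account that runs piaware, for example `pwd.getpwnam("piaware").pw_uid` for the piaware-mutability setup or `0` where piaware runs as root.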