返信先: About DIDL-Lite metadata suggestion

[storaid]

Hi, Tiki

I asked my friend, and this is his opinion (though he’s not particularly focused on UPnP in audio development).

Generally, DIDL-Lite metadata is unlikely to pose a security risk for the intranet.

The security concerns are usually related to the UPnP Renderer (IoT), such as when the URI in the returned DIDL-Lite metadata is tampered with, for example: CVE-2020-12695.

However, this kind of mechanism serves other purposes:
1. Consistency: Ensuring that parts of the CreatedMetaData and ReceivedMetaData are consistent.
2. Compatibility: At the very least, it helps to identify whether the renderer is returning inconsistent DIDL metadata.
3. Reliability: Checking specific required metadata attributes against the original metadata can improve reliability.
4. Transparency: It helps to determine whether there’s a compatibility issue with the renderer (since some brands of UPnP Renderers don’t respect UPnP and return incorrect DIDL metadata).

Cases include:
1. Early WiiM firmware: Incorrect metadata returned (wrong DIDL metadata format).
2. ifi-audio streamer: The inconsistent metadata I mentioned previously.
3. Yamaha device (R-N803D): Wrong URI.

If the check fails, it could trigger a pop-up message with some information.

This is just a suggestion for your reference.

Thank you