--- a/src/ohcredentials.cxx
+++ b/src/ohcredentials.cxx
@@ -302,14 +302,21 @@
bool save() {
bool saveohcredentials = doingsavetofile();
- // We share the creds with the media server process because it
- // needs them for url translation If saveohcredentials is
- // true, we use a file, which can also be used by the regular
- // media server plugin, for possible later access without
- // ohcredentials (e.g. with another non-kazoo CP). If it's
- // false, we use a shared mem segment, and the user/pass would
- // have to be set in /etc/upmpdcli.conf for the media server
- // plugin to work.
+ // The media server process needs the credentials for
+ // translating the permanent URL into the actual media stream
+ // ones. We can use either a shared memory segment or a file
+ // for this purpose.
+ //
+ // Using a file offers less security (the creds are available
+ // to anyone with physical access to the device), but they can
+ // then also be used by the regular Media Server plugin,
+ // allowing access by a non-ohcredentials CP (e.g. upplay)
+ // without having to set them in upmpdcli.conf. In other
+ // words, the Credentials service utility is extended to
+ // regular CPs.
+ //
+ // The choice between shmem/file is decided by the
+ // saveohcredentials configuration variable
if (saveohcredentials) {
string credsfile = path_cat(cachedir, "screds");
ConfSimple credsconf(credsfile.c_str());