CloudUxMCP

Critical security risks identified: Hardcoded MediaCentral credentials (host, username, password, bearer_token) are present in frontend source files (`avidmcpui/src/components/LoginScreen.jsx`) and backend test scripts (`avidmcpserver/test_auth.py`, `avidmcpserver/test_complete.py`), making them easily discoverable and exploitable. SSL certificate verification is explicitly disabled (`verify=False`) for `httpx` client in `auth_service.py` and `ctms_service.py`, which is highly insecure for production environments and susceptible to Man-in-the-Middle (MITM) attacks. The backend's CORS middleware (`allow_origins=["*"]`) allows requests from any origin, which is overly permissive and potentially risky if sensitive data is involved. OpenAI API key is configured via environment variables but requires careful handling to prevent exposure.