Encrypt/hash password in config #394
Comments
|
That'd be possible when we migrate from the current basic HTTP authentication to something more complicated |
|
If the hash password was applied, will AGH update with change password setting page ? |
|
Sure, it will in one of the future updates. |
|
Actually, this task is done in v0.99 beta. Profile settings will be done in the future updates. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the password is stored as cleartext in the config file. I'd like to suggest to move to an encrypted/hashed password instead, similar to how e.g. Transmission manages it. This way the password cannot be easily read by a malicious process (I understand that with proper access rules it's unlikely to happen, but I personally would feel safer if my password wasn't available in cleartext).
The text was updated successfully, but these errors were encountered: