Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encryption of PWs stored in devices.csv #781

Open
Peppa123 opened this issue Feb 14, 2023 · 2 comments
Open

Encryption of PWs stored in devices.csv #781

Peppa123 opened this issue Feb 14, 2023 · 2 comments
Labels
enhancement

Comments

@Peppa123
Copy link

It would be nice if the passwords stored config parameters of all devices stored in tasmota in the file "devices.csv" stored in the directory "tasmoadmin" would be saved encrypted in this file.

My tasmoadmin is running on docker and I surfed through the two directories used for storing data persistently on the file system and got a little bit afraid that the gui pw of all tasmota devices is saved in plaintext. This is not very secure actually.

May be it is a little effort to change the saving behavior or is there a reason that the pws are store in plain text?
@inverse
Copy link
Collaborator

inverse commented Feb 14, 2023
edited

I'm guessing it was done for simplicity as we would still need to expose the decryption key in some form or have a way to inject it into the stack.

@bespokecomp
Copy link

I agree. This is a security breach

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@inverse @bespokecomp @Peppa123