Secure authentication #89
Comments
Aha! Question is just on time. Check out version 0.8.12. It will hash any passwords it sees in the yaml file so no cleartext passwords there
By glancing at the source code it looks like this is done by overwriting the config file we passed, right? Perhaps I'm missing something, but wouldn't it be better if the config file contained nothing sensitive, so that it could be committed to source control? My desired flow is basically this:
From this perspective, there's a couple of unfortunate effects of the current approach:
Correct, the file is overwritten with the hashed passwords on the first call to the server if it sees cleartext passwords. Hmm, couple of questions:
Hashing first could work. In that case I'd suggest to add documentation and possibly also helper scripts for encrypting/decrypting. Similar to rpcauth.py in Bitcoin Core
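A pre-hashing helper of the kind suggested in the comment above, in the spirit of rpcauth.py, as an added example that is not Thunderhub's code. The `pbkdf2-sha256$...` string format, the PBKDF2 parameters and the function names are assumptions; a slow, salted KDF is used because a hash that lives in a committed config file can be attacked offline.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed storage format (not the project's own):
#   pbkdf2-sha256$<iterations>$<salt_b64>$<hash_b64>
SCHEME = "pbkdf2-sha256"
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Run offline; paste the returned string into the config instead of the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def is_hashed(value: str) -> bool:
    """True if a config value is already in the hashed format above."""
    parts = value.split("$")
    return len(parts) == 4 and parts[0] == SCHEME and parts[1].isdigit()


def verify_password(candidate: str, stored: str) -> bool:
    """Server-side check: never rewrites the config, rejects cleartext entries."""
    if not is_hashed(stored):
        return False
    _, iterations, salt_b64, hash_b64 = stored.split("$")
    try:
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                     salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed base64 or an unusable iteration count
    return hmac.compare_digest(actual, expected)  # constant-time comparison


if __name__ == "__main__":
    import getpass
    print(hash_password(getpass.getpass("Password to hash: ")))
```

Because the server only ever reads the hashed value, the config file can stay read-only and unchanged between deployments.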
Good idea, can do that 👍
Followed on #91
I've been looking into using Thunderhub to manage my node, but it seems a bit lacking authentication-wise. The current setup requires me to hardcode a password value in the yaml file, which is not good. Is it possible to avoid this, or do you have any thoughts on how to improve this?
Some solutions that I think would improve the current setup:
I'm happy to code up a solution if we can agree on a way of doing this.