config.md does not hint at passwords being stored in clear text

[almereyda]

The config.md documentation document suggests users to store their account credentials for allowing write operations.

The special page write_operations.md mentions the fact of clear text storage, but far away even from README.md.

Would it be possible to provide the password as a secure hash to the remote auth endpoint instead?

[maxlath]

the constrain is that, unless using OAuth (for which there is a pending issue #25 and which itself will need to store secret keys) we need to be able to recover the password, would stocking the password as a hash of a symmetric algorithm (like base64) address your concern?

[maxlath]

the hint is there now

[almereyda]

No, a symmetric hash does not address the concern, but this is probably a separate issue.

Thanks for telling the users more prominently about the caveats with this. Closing in favour of #45.