Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#1138 closed bug (Invalid)

Password hashing methode not documented

Reported by: Jonny Owned by: damoxc
Priority: major Milestone:
Component: Web UI Version: 1.2.0
Keywords: Cc:

Description

Hey guys, I tried to change the webui password and that's a really horrible task. You've got to make that easier, or at least outline the steps!

Here are my points:

1) Your method of using the salt may be valid, but unintuitive. I read about salts on wikipedia, and they calculate hash(password+salt) whereas you calculate hash(salt+password). See? You're appending the password, not the salt. Tell people about that.

2) It's pretty hard to get the daemon/webui to actually reload the config. You can't just stop and restart, because they'll override your changes to the config file.

Thanks for being open source. I'd never have found out if it wasn't. On the other hand, being open source is no excuse for poor documentation.

I suggest you simply add a "Change password" box to the gtk-ui.

Change History (2)

comment:1 Changed 12 years ago by johnnyg

  • Resolution set to invalid
  • Status changed from new to closed

There isn't any documentation as you should change the password via the preferences page (in the webui). I've added this to the FAQ: http://dev.deluge-torrent.org/wiki/Faq#HowdoIchangethepassword

comment:2 Changed 12 years ago by Jonny

Thanks, this should help.

Note: See TracTickets for help on using tickets.