#1138 closed bug (Invalid)
Password hashing methode not documented
Reported by: | Jonny | Owned by: | damoxc |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Web UI | Version: | 1.2.0 |
Keywords: | Cc: |
Description
Hey guys, I tried to change the webui password and that's a really horrible task. You've got to make that easier, or at least outline the steps!
Here are my points:
1) Your method of using the salt may be valid, but unintuitive. I read about salts on wikipedia, and they calculate hash(password+salt) whereas you calculate hash(salt+password). See? You're appending the password, not the salt. Tell people about that.
2) It's pretty hard to get the daemon/webui to actually reload the config. You can't just stop and restart, because they'll override your changes to the config file.
Thanks for being open source. I'd never have found out if it wasn't. On the other hand, being open source is no excuse for poor documentation.
I suggest you simply add a "Change password" box to the gtk-ui.
Change History (2)
comment:1 Changed 14 years ago by johnnyg
- Resolution set to invalid
- Status changed from new to closed
comment:2 Changed 14 years ago by Jonny
Thanks, this should help.
There isn't any documentation as you should change the password via the preferences page (in the webui). I've added this to the FAQ: http://dev.deluge-torrent.org/wiki/Faq#HowdoIchangethepassword