#1138 closed bug (Invalid)
Password hashing methode not documented
Reported by: | Jonny | Owned by: | Damien Churchill |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Web UI | Version: | 1.2.0 |
Keywords: | Cc: |
Description
Hey guys, I tried to change the webui password and that's a really horrible task. You've got to make that easier, or at least outline the steps!
Here are my points:
1) Your method of using the salt may be valid, but unintuitive. I read about salts on wikipedia, and they calculate hash(password+salt) whereas you calculate hash(salt+password). See? You're appending the password, not the salt. Tell people about that.
2) It's pretty hard to get the daemon/webui to actually reload the config. You can't just stop and restart, because they'll override your changes to the config file.
Thanks for being open source. I'd never have found out if it wasn't. On the other hand, being open source is no excuse for poor documentation.
I suggest you simply add a "Change password" box to the gtk-ui.
There isn't any documentation as you should change the password via the preferences page (in the webui). I've added this to the FAQ: http://dev.deluge-torrent.org/wiki/Faq#HowdoIchangethepassword