Opened 10 years ago
#2442 new bug
Plaintext auth passwords.
Reported by: | WatchDog | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | Future |
Component: | Core | Version: | master |
Keywords: | Cc: |
Description
Deluge stores daemon auth passwords in plain text. Deluge should follow best practice's and store passwords using bcrypt or scrypt.
However, hashing the passwords would cause problems for local clients that read and use the plaintext password from the auth file.
Local clients will need to either be whitelisted or use some other sort of secret only they can known to authenticate.
Note:
See TracTickets
for help on using tickets.