Opened 12 years ago
Closed 9 months ago
#2442 closed bug (Fixed)
Plaintext auth passwords.
| Reported by: | WatchDog | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | Future |
| Component: | Core | Version: | master |
| Keywords: | Cc: |
Description
Deluge stores daemon auth passwords in plain text. Deluge should follow best practice's and store passwords using bcrypt or scrypt.
However, hashing the passwords would cause problems for local clients that read and use the plaintext password from the auth file.
Local clients will need to either be whitelisted or use some other sort of secret only they can known to authenticate.
Note:
See TracTickets
for help on using tickets.
Thanks to Aden this is now implemented in develop branch [ab59585ba81] and stored in PHC string format.
Original PR: https://github.com/deluge-torrent/deluge/pull/484