Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default to password hashing #10

Open
Alkarex opened this issue Nov 8, 2023 · 0 comments
Open

Default to password hashing #10

Alkarex opened this issue Nov 8, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@Alkarex
Copy link
Member

Alkarex commented Nov 8, 2023

Suggestion by @quackzar:

Currently the plugin does not provide any methods of hashing stored passwords themselves, but delegates
that to the user. However that risks that the user might provide the easier route of using plaintext
passwords, which is discouraged. Therefore a recommend change is to hash inputted passwords by default,
possibly with an opt-out mechanic or partly disallowing plaintext password storage. In this regard it
is important perform salting, however modern password hashing algorithms, such as bcrypt or argon2id
salt passwords automatically.
@Alkarex Alkarex added the enhancement New feature or request label Nov 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Alkarex