Why does API still requires plain-text password?
|#1 by Widowan|
2021-12-14 at 02:20
|< report >I've been looking at API documentation and the major thing that stood out was the fact that it required plaintext password sent. Why? I'm not so worried about sending it (since encryption and stuff) rather than about storing it in plaintext... I understand that this is an animu porn website and major OSes have keyrings and stuff but I still feel rather uncomfortable...|
|#2 by Widowan|
2021-12-14 at 02:25
|< report >What I meant to say is "Why it's not hashed at least"|
|#3 by Yorhel|
2021-12-14 at 06:01
|< report >Because I simply hadn't gotten to implementing a token or session system. You're welcome to contribute one.|
|#4 by Widowan|
2021-12-14 at 20:59
|< report >I mean, it doesn't have to be a token/session system, as far as I can see passwords are scrypt'ed anyways|
|#5 by Yorhel|
2021-12-15 at 06:05
|< report >Yeah but I'm not going to give you my global salt.|
I realized yesterday that implementing a session system would actually not be too much work as most of the infrastructure is already there. I'll see if I can give it a try.
|#6 by Widowan|
2021-12-15 at 08:01
|< report >Thanks for looking at least!|
|#7 by Yorhel|
2021-12-15 at 12:39
|< report >Yup, that wasn't so bad, API now supports session tokens.|
Still requires plain-text password for initial login, but at least you won't have to store it.
|#8 by Widowan|
2021-12-15 at 20:53
|< report >Thank you! <3|
You must be logged in to reply to this thread.