
store passwords on disk as hash, not as simple hex encoding

Posted: Thu Mar 31, 2011 9:12 pm
by achoo5000
As of right now the passwords for Subsonic users are just hex encodings of the password string, which is easily reversible.

I submit a request that the passwords are stored as an MD5 hash that cannot be easily decoded.

Posted: Wed Apr 27, 2011 6:46 am
by achoo5000
Here is a Java library for doing correct password storing:

http://www.mindrot.org/projects/jBCrypt/

bump for justice

Posted: Mon Aug 01, 2011 12:09 am
by achoo5000
Now that Sindre is reading the forums again I thought I'd bump this to the top.

After all these password hacks in the news I thought we would learn you should never store passwords as plaintext (which is what Subsonic does essentially).

The syntax for this password encrypting library couldn't be easier.

PS I'm glad that the new beta runs as non-root for Ubuntu, keep up the good work!
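
An added illustration of the difference discussed in this thread, not part of any post and not Subsonic's or jBCrypt's code: a hex-encoded password is decoded by anyone who can read the stored value, while a salted, iterated hash can only be checked against a candidate. It uses the JDK's built-in PBKDF2 as a stand-in for bcrypt so it runs without extra libraries (Java 17+ for `HexFormat`); the class name, storage format, iteration count and sample password are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStorageDemo {
    static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware
    static final HexFormat HEX = HexFormat.of();

    // Hex encoding is reversible: reading the stored value yields the password.
    static String hexDecode(String stored) {
        return new String(HEX.parseHex(stored), StandardCharsets.UTF_8);
    }

    // PBKDF2-HMAC-SHA256 (stand-in for bcrypt): slow, salted, one-way.
    static byte[] derive(String password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Stored form (assumed layout): iterations:salt:hash, with a fresh random salt per user.
    static String hashPassword(String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] hash = derive(password, salt, ITERATIONS);
        return ITERATIONS + ":" + HEX.formatHex(salt) + ":" + HEX.formatHex(hash);
    }

    // Login check: recompute with the stored salt and compare in constant time.
    static boolean verify(String candidate, String stored) throws Exception {
        String[] parts = stored.split(":");
        byte[] actual = derive(candidate, HEX.parseHex(parts[1]), Integer.parseInt(parts[0]));
        return MessageDigest.isEqual(HEX.parseHex(parts[2]), actual);
    }

    public static void main(String[] args) throws Exception {
        String password = "constructed-sample-password"; // constructed sample value
        String hex = HEX.formatHex(password.getBytes(StandardCharsets.UTF_8));
        System.out.println("hex on disk:  " + hex + " -> decodes to: " + hexDecode(hex));
        String stored = hashPassword(password);
        System.out.println("hash on disk: " + stored);
        System.out.println("correct password verifies: " + verify(password, stored));
        System.out.println("wrong password verifies:   " + verify("not-the-password", stored));
    }
}
```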