Hi,
In wiki it explains the way of save passwords: http://dev.deluge-torrent.org/wiki/User ... entication
But in that example the password is saved in plain text, very insecure!!
Is there a way to save this password encrypted?
auth password in plain text!
auth password in plain text!
Simón
Usuario Linux nº 413.257 (http://counter.li.org/)
Usuario Ubuntu nº 11312 (http://ubuntucounter.geekosophical.net/)
Usuario Linux nº 413.257 (http://counter.li.org/)
Usuario Ubuntu nº 11312 (http://ubuntucounter.geekosophical.net/)
Re: auth password in plain text!
Not currently.
However, your auth file should only be readable by you, so it's not a huge security risk.
However, your auth file should only be readable by you, so it's not a huge security risk.
Re: auth password in plain text!
Yes, it's a security risk: http://en.wikipedia.org/wiki/Password#F ... _passwords, http://www.readwriteweb.com/archives/ro ... swords.php, http://www.mirrorten.com/plain-text-pas ... torage.php, etc...johnnyg wrote:Not currently.
However, your auth file should only be readable by you, so it's not a huge security risk.
If you search in Google, for example, by "password plain text security", you'll see many pages saying that this is the worst manner of do this.
By other side, in my auth file there is two entries: localclient and mine. localclient is created automatically by deluge daemon and its password is encrypted!! Why has localclient a encrypted password and mine can't?
Simón
Usuario Linux nº 413.257 (http://counter.li.org/)
Usuario Ubuntu nº 11312 (http://ubuntucounter.geekosophical.net/)
Usuario Linux nº 413.257 (http://counter.li.org/)
Usuario Ubuntu nº 11312 (http://ubuntucounter.geekosophical.net/)
Re: auth password in plain text!
I didn't say it wasn't a security risk, just not a huge one; if someone gains access to your account, I think controlling your torrents isn't your biggest problem...
That said, there are plans to have it store a cryptographic hash of the password instead.
localclient's password is also stored in plaintext; what you see is its password (it just happens to look encrypted).
That said, there are plans to have it store a cryptographic hash of the password instead.
localclient's password is also stored in plaintext; what you see is its password (it just happens to look encrypted).