Password hash #2225

@LVerneyPEReN

Hi,

As far as I understand, the current password setup stores the password as plaintext in the user config file. It would probably be safer to have it stored as a hash and do a hash comparison upon login.

Is this feature already available? Else, would you accept a PR adding this behavior?

Thanks,
Best,

Activity

code-asher (Member) commented on Oct 22, 2020

added a commit that references this issue on Dec 6, 2020: a24cd63
added enhancement (Some improvement that isn't a feature) and removed on Dec 7, 2020
added this to the v3.7.5 milestone on Dec 8, 2020
added a commit that references this issue on Dec 8, 2020: 1dd7e4b
reopened this on Dec 8, 2020

nhooyr (Contributor) commented on Dec 8, 2020

I don't believe #2409 fully closes this. We need to automatically hash the existing password.

JammSpread (Contributor) commented on Dec 9, 2020

Like you type hashedPassword in plaintext and code-server in runtime hashes it?

nhooyr (Contributor) commented on Dec 9, 2020

That could be one way to do it but I was confused when I wrote my above comment. This issue is definitely closed. I was thinking we could automatically always convert password in config.yaml to hashedPassword and rewrite the file. However, users need to see the default generated password when they log in for the first time. Perhaps we should add something to the CLI to allow specifying the new password, hashing it and then storing it in config.yaml as hashedPassword.

I'm opening a new issue.

edit: nvm, decided against automation here for now. sha256sum is soo easy to use. perhaps we should add an example somewhere in the docs.
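
The sha256sum approach mentioned in this thread, as an added example (not code-server's own code and not part of the original comments): it produces the hex digest to store as hashedPassword and performs the hash comparison on login that the issue asks for. The function names and the sample password are constructed for illustration; the digest is unsalted SHA-256, which keeps the plaintext out of the config file but is a fast hash, so password strength still matters.

```sh
#!/bin/sh
# Added example: produce and check an unsalted SHA-256 password digest.
# Function names are hypothetical; the sample password is constructed.

# Hex SHA-256 of the exact bytes of $1.
# printf '%s' writes the password without a trailing newline.
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Succeeds when the candidate password ($2) hashes to the stored digest ($1).
# The stored digest is lower-cased first because hex case is not significant.
verify_password() {
    stored=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    candidate=$(hash_password "$2")
    [ "$stored" = "$candidate" ]
}

# Common mistake: echo appends "\n", so this is the digest of a
# different string and the real password will never match it.
hash_with_newline() {
    echo "$1" | sha256sum | cut -d' ' -f1
}

demo() {
    pw='correct horse battery staple'   # constructed sample value
    digest=$(hash_password "$pw")
    printf 'digest to store as hashedPassword: %s\n' "$digest"

    if verify_password "$digest" "$pw"; then
        echo 'login with the right password: accepted'
    fi
    if ! verify_password "$digest" 'wrong guess'; then
        echo 'login with a wrong password: rejected'
    fi
    if ! verify_password "$(hash_with_newline "$pw")" "$pw"; then
        echo 'digest made with echo: rejects the right password'
    fi
}

demo
```
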

Password hash · Issue #2225 · coder/code-server