-
Notifications
You must be signed in to change notification settings - Fork 6.1k
Closed
Labels
enhancementSome improvement that isn't a featureSome improvement that isn't a feature
Milestone
Description
Hi,
As far as I understand, the current password setup stores the password as plaintext in the user config file. It would probably be safer to have it stored as a hash and do a hash comparison upon login.
Is this feature already available? Else, would you accept a PR adding this behavior?
Thanks,
Best,
Metadata
Metadata
Assignees
Labels
enhancementSome improvement that isn't a featureSome improvement that isn't a feature
Type
Projects
Relationships
Development
Select code repository
Activity
code-asher commentedon Oct 22, 2020
Add hashedPassword config
Add hashedPassword config (#2409)
nhooyr commentedon Dec 8, 2020
I don't believe #2409 fully closes this. We need to automatically hash the existing password.
JammSpread commentedon Dec 9, 2020
Like you type hashedPassword in plaintext and code-server in runtime hashes it?
nhooyr commentedon Dec 9, 2020
That could be one way to do it but I was confused when I wrote my above comment. This issue is definitely closed. I was thinking we could automatically always convert
password
inconfig.yaml
tohashedPassword
and rewrite the file. However, users need to see the default generatedpassword
when they login for the first time. Perhaps we should add something to the CLI to allow specifying the new password, hashing it and then storing it inconfig.yaml
ashashedPassword
.I'm opening a new issue.
edit: nvm, decided against automation here for now.
sha256sum
is soo easy to use. perhaps we should add an example somewhere in the docs.12 remaining items