Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QT Desktop APP should not store password in plain text #1632

Open
vilu85 opened this issue Mar 12, 2021 · 1 comment
Open

QT Desktop APP should not store password in plain text #1632

vilu85 opened this issue Mar 12, 2021 · 1 comment
Labels
enhancement

Comments

@vilu85
Copy link

vilu85 commented Mar 12, 2021

livehelperchat/lhc_web/modules/lhxml/checklogin.php

Line 11 in 080e86e

if ($currentUser->authenticate($_POST['username'],$_POST['password']))

Desktop app (Qt) uses this for authentication. It would be better if checklogin.php would use hashed password for validation (hashed and then received by checklogin.php with POST) instead of plain text. This way the real password would never be stored as plain text on client side (Desktop app settings.xml).
@remdex
Copy link
Contributor

remdex commented Mar 12, 2021
edited

I'll welcome pull request regarding that improvement :)
Users also can choose do not store password also.
Or they can use just electron version of the app.

@remdex remdex changed the title Unsecure authentication QT Desktop APP should not store password in plain text Mar 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@remdex @vilu85