Clear text password stored for DXL Console

[shadowbq]

Please implement as secure salted SHA256 hash for the console password storage, and comparison.

The password should never be stored in clear text, or loaded into memory in clear text.

opendxl-console/dxlconsole/app.py

Line 22 in 8eb6bc9

GENERAL_PASSWORD_PROP = "password"

opendxl-console/dxlconsole/app.py

Lines 89 to 95 in 8eb6bc9

	def password(self):
	"""
	Returns the console password
	:return: The console password
	"""
	return self._password

opendxl-console/dxlconsole/console.py

Lines 182 to 183 in 8eb6bc9

	if username == self.application.bootstrap_app.username and \
	password == self.application.bootstrap_app.password:

I would highly recommend not implementing a custom encryption, but rather a BSD licensed one that has been test in the community like 'passlib' https://bitbucket.org/ecollins/passlib/wiki/Home

A quick example of using passlib to integrate into a new application:

>>> # import the context under an app-specific name (so it can easily be replaced later)
>>> from passlib.apps import custom_app_context as pwd_context

>>> # encrypting a password...
>>> hash = pwd_context.hash("somepass")
>>> hash
'$6$rounds=36122$kzMjVFTjgSVuPoS.$zx2RoZ2TYRHoKn71Y60MFmyqNPxbNnTZdwYD8y2atgoRIp923WJSbcbQc6Af3osdW96MRfwb5Hk7FymOM6D7J1'

>>> # verifying a password...
>>> ok = pwd_context.verify("somepass", hash)
True
>>> ok = pwd_context.verify("letmein", hash)
False