[GRASS-dev] password security
Brad ReDacted
brad.redacted at outlook.com
Mon Jul 25 20:38:29 PDT 2022
Hello GRASS devs,
Is there any objection to adding yet another dependency? Let me explain:
I want to resolve the security issue of storing passwords in clear text.
I would like to address this by linking OpenSSL and using it's crypto
functions to create a hash of the password to be stored and checked against.
Currently, GRASS logins are stored in clear text. I realize this isn't
an issue for GRASS users, however, I would still like to resolve the issue.
I hate adding dependencies, but security is best left to security
experts and I strongly advocate against duplicating security related code.
Any comments or suggestions?
--
Best Regards,
-Brad
More information about the grass-dev
mailing list