Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

不要明文存储密码在配置文件内 #1100

Closed
2 tasks done
RogerProSelf opened this issue May 4, 2024 · 4 comments · Fixed by #1119
Closed
2 tasks done

不要明文存储密码在配置文件内 #1100

RogerProSelf opened this issue May 4, 2024 · 4 comments · Fixed by #1119
Labels
enhancement New feature or request

Comments

@RogerProSelf
Copy link

功能描述

希望能在配置密码之后将密码以哈希值等方式存储,而不是明文写入配置文件,增加安全性,谢谢!

解决的问题

No response

附加信息

No response

检查清单

  • 我已搜索同类问题,并确保没有我要提交的功能
  • 我已使用最新版本,并确保该功能仍未在最新版本中实现
@RogerProSelf RogerProSelf added the enhancement New feature or request label May 4, 2024
@jeessy2
Copy link
Owner

jeessy2 commented May 5, 2024

欢迎PR, 有些hash也不安全。如果都能看见你配置文件了,那电脑也不安全了啊

@KirinRyuuri
Copy link

如果使用 Windows ,可以用 NTFS 的权限限制掉配置文件的查看
如果使用 Linux ,可以用 ACL 单独限制配置文件查看

@happyelements01
Copy link

happyelements01 commented May 13, 2024
edited

自己收紧 AKSK 权限才是王道,出问题控制在最小

@jeessy2 jeessy2 mentioned this issue May 18, 2024
Merged
@jeessy2
Copy link
Owner

jeessy2 commented May 18, 2024

https://github.com/jeessy2/ddns-go/actions/runs/9140525236
下载试下,用bcrypt加密

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: reset password jeessy2/ddns-go
4 participants
@jeessy2 @KirinRyuuri @happyelements01 @RogerProSelf