Hash passwords #8
Conversation
cleartext password storage is bad practice.
returns nil after first run
Thank you for the ping, but I am not the author of upstream, nor do I maintain any fork of this mod. I have a mod that optionally depends of playerfactions, but it is not interacting with factions passwords and is hopefully compatible with your PR. |
|
this means the mod would only support 5.9 ..... minetest/minetest@762fca5 |
I take it that's a no-go for you? |
|
We would need to at minimum add a tag/branch to the current state for anyone that wants to continue using cleartext anyway. |
|
Bumping up minimum version in my opinion is best thing to do here but as it apparently was 5.0 and change in compatibility is significant it could be good to at least tag last stable point with better compatibility (master branch atow) or create and advertise a release package. |
|
Might be good to cherry-pick some of the locale edits from #10 before making an EOL package release. Edit: and while at it add some languages |
|
support of the last two major releases of minetest is generally accepted minimum, however not hard set opposed 🤷 |
If there are concerns about data bloat, we can probably get away with truncating the hashes or using sha1 instead of sha256.
I didn't go through the trouble to add a setting to choose the algorithm (or none), but if that is requested, I'll implement it. IMO that's just complicating things.
There is also an amendment to a previous commit snuck in this one: variable admin priv wasn't being presented to users correctly.
@louisroyer feel free to implement this in your/upstream fork.