Would it be possible to store the password to the webui as an md5 hash in sabnzbd.ini? I know I could just restrict access to the file, but it would be nice if the password could also be stored encrypted. It would use the same model for password storage in a file as /etc/passwd, /etc/apache2/.htdigest, etc.
Even software like deluge stores password encrypted.
store webui password as md5 encrypted in sabnzbd.ini
Re: store webui password as md5 encrypted in sabnzbd.ini
He's just asking for the web ui password to be encrypted. That we can hash because we're receiving the cleartext from the user and can compare the hash of the cleartext against a stored hash. For other things (newzbin login/pass, server login/pass) we can't hash that because it has to be sent in cleartext to newzbin or the server, so if we hash that it's not going to work.pair of dimes wrote: Why do you say this and not other sensitive information?
Personally I open sabnzbd.ini all the time to grab account credentials, so I'm glad they are not encrypted, but I could see why someone might want them to be.
Usenet logins are usually directly tied to the provider's website members' area, which may provide personal billing details.
. . so the problem is, if we can only encrypt one field, and it's the least-useful field to encrypt, why should we bother encrypting any of it?