HTML DB / An easy-to-use database for devs to add a secure login/password system to their site

The database package is coming along very well! We decided, instead of making an entirely new database package, to branch off of an old project which we all used to know as html-db (which is still named that, but that was solo me), so progress is going good on this!

1 Like

You put an HTML form on your page with a POST request pointing to their site and they store/authenticate passwords.

But they are saying devs can view passwords, so are you guys one-way hashing? That shouldn’t be possible with 1-way hashing…

3 Likes

They confirmed they were giving up on allowing devs to see passwords, hashed or not, after I and others pointed out it was a huge security risk.

3 Likes

We may still do it, the web side of things is the only difficult part of this huge project, and the only reason why it is huge, is because of the web side of things

1 Like

May still do what?

1 Like

allow devs to see passwords

1 Like

NOOO don’t allow devs to see pwds

1 Like

ofc, there will be security if we do implement this, most likely an off-site master key that a generator must make

1 Like

Hashed or not?

1 Like

What purpose would it serve to allow developers to view passwords? It pointlessly weakens the cryptographic model.

Use bcrypt. That should be the end of the story.

7 Likes

depends

1 Like

But anyone could get into the dev’s account by guessing their password! It should be against the Glitch ToS to not hash passwords, it’s really simple and not doing it is just a security risk.

1 Like

Yes @RA80533. bcrypt is really easy and you can hash the password by just doing about a line of code that you can just copy from the npm readme! Simples! :slight_smile:

1 Like
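What the one-way storage discussed in the posts above looks like in code, as an added example that is not part of the thread or of the html-db project. It uses Node's built-in scrypt in place of bcrypt so it runs without installing a package; the function names, record format and cost parameters are assumptions. The stored record holds only a salt and a hash, so there is nothing a developer could decrypt to view a password.

```javascript
// Added example (not html-db code): one-way password storage with Node's
// built-in scrypt, swapped in for bcrypt so no npm install is needed.
const crypto = require('crypto');

// Constructed cost parameters (assumption): N=2^14, r=8, p=1, 32-byte hash.
const PARAMS = { N: 16384, r: 8, p: 1 };
const KEYLEN = 32;

// Returns the only thing the database stores: "scrypt$N$r$p$salt$hash".
// A fresh random salt per user makes equal passwords produce different records.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEYLEN, PARAMS);
  return ['scrypt', PARAMS.N, PARAMS.r, PARAMS.p,
          salt.toString('base64'), hash.toString('base64')].join('$');
}

// Recomputes the hash from the login attempt and compares in constant time.
// The original password is never recovered; only equality is checked.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  if (![N, r, p].every(Number.isInteger)) return false;
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  // Reject truncated or empty hashes: two empty buffers would compare equal.
  if (expected.length !== KEYLEN) return false;
  let actual;
  try {
    actual = crypto.scryptSync(password, salt, KEYLEN, { N, r, p });
  } catch {
    return false; // invalid or oversized parameters in a tampered record
  }
  return crypto.timingSafeEqual(actual, expected);
}
```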

Remember: when you deal with encryption, you’re dealing with munitions according to U.S. law (see this thread). You should respect its implementation accordingly.

4 Likes

Remember this though:

4 Likes

https://github.com/Jonyk56/html-db-official/ well, here is a little precursor

1 Like

I suggest that someone from @glitch_support closes this, if the OP wants to store plain-text passwords go ahead, I’m not using this, I doubt others will either.

7 Likes

=/, it is web/server only/client only, the thing is universal, this part will only be for web…

1 Like

This is a major security vulnerability and should be shut down. Projects that are openly storing plaintext passwords are a bad idea.

4 Likes

:man_facepalming:

It won’t be openly storing them, lordy, is it this hard to get a point through to some of y’all?

We don’t have all the plans figured out yet, but YES, they will be encrypted, NO they will not be easy to access, AND NO! openly storing anything sensitive is a dumb af idea, I’m not dumb to let it slide by in any project I’m involved in

1 Like