Wruczek/ts-website

Protect query_password

molidev opened this issue · 4 comments

Good morning, I saw in the database that query_password is stored in plain text. I would recommend that you store this field encrypted with (for example) SHA-512.

Query password is not used for user authentication, it is sent to the TeamSpeak Query Interface in plaintext form. One-way hashing functions (like SHA*) will not work for that purpose.

The only option here would be not to hash, but to encrypt it. But I don't think it's worth it.

The only thing we can do is base64encode/decode so it's not completely obvious

Yeah, that will improve security by a lot XD

Yeah, that will improve security by a lot XD

Well, it will scare people that think everything with a = at the end is encrypted and the people that are too stupid to decode it.
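
The three options discussed in this thread, side by side, as an added example that is not part of the thread or of the ts-website code base. It assumes PHP 7.2+ with the bundled sodium extension; the sample password, the function names `encryptForStorage`/`decryptFromStorage`, and generating the key inline (in practice it would be loaded from a file or environment variable outside the database) are assumptions for illustration.

```php
<?php
// Constructed sample value; not a real credential.
$queryPassword = 'example-query-pass';

// 1. One-way hash: the stored digest cannot be turned back into the
//    plaintext that has to be sent to the Query Interface.
$hashed = hash('sha512', $queryPassword);

// 2. base64: anyone who can read the column can reverse it, no secret needed.
$encoded = base64_encode($queryPassword);
$decodedByAnyone = base64_decode($encoded, true);

// 3. Authenticated encryption with libsodium secretbox.
//    Assumption: the key lives outside the database; it is generated
//    inline here only so the example runs on its own.
$key = sodium_crypto_secretbox_keygen();

function encryptForStorage(string $plaintext, string $key): string
{
    // A fresh random nonce per value, stored in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function decryptFromStorage(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $minLen) {
        return null; // malformed or truncated column value
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Returns false when the key is wrong or the value was modified.
    $plain = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    return $plain === false ? null : $plain;
}

$stored = encryptForStorage($queryPassword, $key);
$otherKey = sodium_crypto_secretbox_keygen();

var_dump($hashed === $queryPassword);                           // digest vs. plaintext
var_dump($decodedByAnyone === $queryPassword);                  // base64 round trip
var_dump(decryptFromStorage($stored, $key) === $queryPassword); // decrypt with the key
var_dump(decryptFromStorage($stored, $otherKey));               // decrypt with another key
```

Encryption only helps against someone who obtains the database without also obtaining the key, so the key has to be stored somewhere a database dump or SQL injection does not reach.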