openshift/osin

Support for encrypted storage of passwords

Closed this issue · 4 comments

Hi!

Am I missing something or are the passwords stored in plain text in the storages? It looks to me that all passwords are matched against their unencrypted ditto. Are there any planned feature improvements on this or are you open to pull requests?

Are you referring to the client secrets?

Yes, the client secrets :)
On 7 Dec 2015 22:31, "Jordan Liggitt" notifications@github.com wrote:

> are you referring to the client secrets?



I think I agree. I'd envision something like https://github.com/RangelReale/osin/pull/103, where the password is passed to the storage for comparison, which allows salting/encryption, etc.

Fixed by #103