sensepost/DET

password in clear text

vladimircicovic opened this issue · 1 comments

This is wrong:

    "gmail": {
        "username": "dataexfil@gmail.com",
        "password": "ReallyStrongPassword",
        "server": "smtp.gmail.com",
        "port": 587
    }

It must be like:

    "gmail": {
        "username": "dataexfil@gmail.com",
        "password": "51727212cfae625b763d7e053d55e3a8a36d0b4465b95428b46340d66cae8f97",
        "somerndstring": "somerandomstring",
        "server": "smtp.gmail.com",
        "port": 587
    }

where password: sha256(somerandomstringReallyStrongPassword)

Leaving the password in clear text is the wrong way to do it.

Also, there is a better way: encrypt the password with a password, so it is decrypted when it runs (the user needs to put in passwords).
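
The second suggestion in the issue (store the password encrypted under a passphrase and decrypt it at start-up), as an added example that is not part of the issue or of DET's own code. It assumes the third-party `cryptography` package; the function names and the `password_enc` and `kdf_salt` fields are hypothetical, not DET's config schema.

```python
import base64
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

# Plugin section as quoted in the issue (still holding the clear-text password).
GMAIL = {
    "username": "dataexfil@gmail.com",
    "password": "ReallyStrongPassword",
    "server": "smtp.gmail.com",
    "port": 587,
}


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a 32-byte Fernet key with scrypt."""
    kdf = Scrypt(salt=salt, length=32, n=2**14, r=8, p=1)
    return base64.urlsafe_b64encode(kdf.derive(passphrase.encode()))


def seal_password(section: dict, passphrase: str) -> dict:
    """Copy the section, replacing 'password' with an encrypted token."""
    salt = os.urandom(16)  # fresh salt per config; stored beside the token, not secret
    token = Fernet(_derive_key(passphrase, salt)).encrypt(section["password"].encode())
    sealed = {k: v for k, v in section.items() if k != "password"}
    sealed["password_enc"] = token.decode()               # hypothetical field name
    sealed["kdf_salt"] = base64.b64encode(salt).decode()  # hypothetical field name
    return sealed


def open_password(section: dict, passphrase: str) -> str:
    """Recover the clear-text password in memory at start-up."""
    key = _derive_key(passphrase, base64.b64decode(section["kdf_salt"]))
    try:
        return Fernet(key).decrypt(section["password_enc"].encode()).decode()
    except InvalidToken:
        # Fernet is authenticated: a wrong passphrase and a tampered token both land here.
        raise ValueError("wrong passphrase or modified config") from None


if __name__ == "__main__":
    import json
    # Constructed passphrase for the demo; a real run would read it with getpass.getpass().
    sealed = seal_password(GMAIL, "constructed demo passphrase")
    print(json.dumps({"gmail": sealed}, indent=4))
    print(open_password(sealed, "constructed demo passphrase"))
```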