Subject: | B::BB::P::Module::Auth stores passwords in plain text |
Bot::BasicBot::Pluggable::Module::Auth stores the passwords for users in
plain text in the bot's store.
Granted, nobody should be using an important password for their account
on an IRC bot, but I still think it makes sense to store salted hashes
instead.
I've written a patch which does exactly that - it continues to recognise
old plain-text passwords, but whenever someone changes their password or
a new user is added, a salted hash of the password is stored instead.
I'd be happy to contribute this patch - should I supply it here, or send
a pull request to a Github repo? Whatever is easier for you...