Skip Menu |

This queue is for tickets about the Bot-BasicBot-Pluggable CPAN distribution.

Report information
The Basics
Id: 63232
Status: resolved
Priority: 0/
Queue: Bot-BasicBot-Pluggable

People
Owner: Nobody in particular
Requestors: davidp [...] preshweb.co.uk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: B::BB::P::Module::Auth stores passwords in plain text
Bot::BasicBot::Pluggable::Module::Auth stores the passwords for users in plain text in the bot's store. Granted, nobody should be using an important password for their account on an IRC bot, but I still think it makes sense to store salted hashes instead. I've written a patch which does exactly that - it continues to recognise old plain-text passwords, but whenever someone changes their password or a new user is added, a salted hash of the password is stored instead. I'd be happy to contribute this patch - should I supply it here, or send a pull request to a Github repo? Whatever is easier for you...
I'm closing this ticket, since I've submitted the patch via a pull request on Github.