I noticed this the other day. I am not on a shared server and it makes me a bit nervous. Also, it's not really fair to people working on your project as many people have a "common" password (good or bad).
Jeremy

Ron Aaron <r...@ronware.org> wrote:
> I didn't see an option, perhaps it's not even on the list of requests... but
> when I look at the 'user' table, the user's password is stored in cleartext.
>
> Having my fossil file on a shared server, this makes me a bit nervous. Anyone
> who has access to that file can read all the user passwords.
>
> It would be trivial to change the password stored to sha1(login+pw). In that
> case it would also be difficult to hack, since different users with the same
> password would have wildly different values saved in the user table.
>
> --
> Sending me something private?
> Use my GPG public key: AD29415D
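The sha1(login+pw) scheme proposed in the quoted message, next to a salted and deliberately slow alternative, as an added example that is not part of the thread and not Fossil's code. The function names, the iteration count and the sample accounts are assumptions made for illustration; the example also shows that plain concatenation lets distinct login/password pairs produce the same stored value.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def sha1_login_pw(login: str, password: str) -> str:
    """Scheme proposed in the thread: sha1(login+pw), plain concatenation."""
    return hashlib.sha1((login + password).encode("utf-8")).hexdigest()


def make_record(login: str, password: str) -> dict:
    """Hardened variant: random per-user salt and a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"login": login, "salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(record: dict, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample accounts: two users sharing one "common" password.
    shared = "correct horse"
    print(sha1_login_pw("alice", shared))
    print(sha1_login_pw("bob", shared))  # differs from alice's, as the thread expects
    # Concatenation without a separator is ambiguous: both inputs are "anna2024".
    print(sha1_login_pw("ann", "a2024") == sha1_login_pw("anna", "2024"))
    rec = make_record("alice", shared)
    print(verify(rec, shared), verify(rec, "wrong"))
```

The login acts as a predictable salt, so identical passwords no longer share a stored value, but a single fast SHA-1 still allows cheap offline guessing against a copied user table; the random salt and iteration count address that.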