Hash password with bcrypt and store in config.yaml #3432

jsjoeio · 2021-05-20T23:22:49Z

Problem

As a user, I would like to be able to hash my password using the same bcrypt algorithm used by code-server.

However, the bcrypt and bcrypt.js algorithms are different so you can't in the same way you can with sha256.

Add a CLI option to set password (which we hash for User using bcrypt)

code-server --config password=<password> -> hashes and stores in config.yaml

(open to other ideas for this though^)

Todos

update docs
add backwards-compatiblity for those still hashing with sha256
let user provide password via stdin to avoid having the plaintext password in their shell history

The text was updated successfully, but these errors were encountered:

rabidpug · 2021-05-21T00:04:33Z

would be good if the user could provide password via stdin to avoid having the plaintext password in their shell history.

jsjoeio · 2021-05-21T17:42:51Z

Didn't even think to consider that - great point @rabidpug 👍

quentincaffeino · 2021-11-10T15:53:08Z

would be good if the user could provide password via stdin to avoid having the plaintext password in their shell history.

Put a space before your command, this way it won't be stored in history.

code-asher · 2024-07-13T01:38:15Z

Merging with #3546

jsjoeio added security Security related feature New user visible feature labels May 20, 2021

jsjoeio added this to the On Deck milestone May 20, 2021

jsjoeio self-assigned this May 20, 2021

jsjoeio mentioned this issue May 20, 2021

fix: use sufficient computational effort for password hash #3422

Merged

5 tasks

code-asher closed this as not planned Won't fix, can't repro, duplicate, stale Jul 13, 2024