OpenConext-Attic / OpenConext-serviceregistry

:warning: Obsolete repository, archive only :zzz:

API user password stored in plain text in DB #3

Closed surfnet-niels closed 10 years ago

surfnet-niels commented 10 years ago

The password of the user that is allowed to authenticate to the API of serviceregistry (by default 'engine') is stored in plain text in the Janus database (table janus__user). Using something common like PASSWORD('enginepassword') breaks the connection between engine and SR API

lucasvanlierop commented 10 years ago

It is already configurable if we change this config line to use a parameter for the hashing algorithm https://github.com/janus-ssp/janus/blob/b6a1bb6ec0bdf333e4ff4ae77acb3ca308ca3837/app/config/security.yml#L3

For compatibility reasons password encoding has been set to plaintext but this can of course be changed. Note that this has not been tested with janus yet, we might discover some other issues when implementing this. @pmeulen can you add this to a milestone?
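
As an added illustration (not code from Janus, OpenConext or this thread), the PHP sketch below shows the migration the two comments above describe: the engine keeps presenting the same secret over the API, the application verifies it against a bcrypt hash with password_verify(), and a legacy plaintext row is upgraded on its first successful login, so the engine to serviceregistry connection never breaks the way it does when the DB value is replaced by MySQL's PASSWORD(). The column names (userid, secret) on janus__user, the PDO/SQLite setup and the class name are assumptions made for the example.

```php
<?php
// Added example, not Janus/OpenConext code. Assumed schema: janus__user(userid, secret).
// Stored secrets are either legacy plaintext or a bcrypt hash ("$2y$" prefix).

final class ApiUserAuthenticator
{
    const BCRYPT_COST = 12;

    /** @var PDO */
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    /** Hash a secret for storage: salted bcrypt with an explicit cost. */
    public static function hashForStorage($secret)
    {
        return password_hash($secret, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
    }

    /**
     * Verify the secret the engine presents for $userid.
     * Legacy plaintext rows are compared in constant time and rehashed in place,
     * so existing deployments keep working while the table converges to hashes.
     */
    public function verify($userid, $presented)
    {
        $stmt = $this->db->prepare('SELECT secret FROM janus__user WHERE userid = :u');
        $stmt->execute(array(':u' => $userid));
        $stored = $stmt->fetchColumn();
        if ($stored === false) {
            return false; // unknown user
        }

        if (strncmp($stored, '$2y$', 4) !== 0) {
            // Legacy plaintext row (pre-migration). Constant-time compare, then upgrade.
            if (!hash_equals($stored, $presented)) {
                return false;
            }
            $this->store($userid, self::hashForStorage($presented));
            return true;
        }

        if (!password_verify($presented, $stored)) {
            return false;
        }
        // Transparently raise the cost if the stored hash was made with a weaker one.
        if (password_needs_rehash($stored, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST))) {
            $this->store($userid, self::hashForStorage($presented));
        }
        return true;
    }

    private function store($userid, $hash)
    {
        $stmt = $this->db->prepare('UPDATE janus__user SET secret = :s WHERE userid = :u');
        $stmt->execute(array(':s' => $hash, ':u' => $userid));
    }
}

// Constructed demo data: an in-memory SQLite table shaped like the issue's janus__user,
// seeded with the default 'engine' user and a plaintext secret as the issue describes.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE janus__user (userid TEXT PRIMARY KEY, secret TEXT)');
$db->exec("INSERT INTO janus__user VALUES ('engine', 'enginepassword')");

$auth = new ApiUserAuthenticator($db);
$auth->verify('engine', 'wrong-secret');    // rejected, row untouched
$auth->verify('engine', 'enginepassword');  // accepted, row rewritten as a bcrypt hash
$auth->verify('engine', 'enginepassword');  // accepted again, now via password_verify()
echo $db->query("SELECT secret FROM janus__user WHERE userid = 'engine'")->fetchColumn(), "\n";
```

The first successful login replaces the plaintext value with a `$2y$12$...` hash, and later logins verify against that hash; the engine's configuration does not change at all. In a Symfony 2.x application the same switch is made declaratively by changing the user class's entry under `security.encoders` in security.yml from `plaintext` to `bcrypt` (with a `cost`), which is the line the comment above links to; the legacy-row upgrade step is still needed for a database that already holds plaintext secrets.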

lucasvanlierop commented 10 years ago

Did not notice this issue was created in the wrong repo at first, but would you create an issue to request support for password hashing in the janus project: https://github.com/janus-ssp/janus? Thanks ;-)

surfnet-niels commented 10 years ago

https://github.com/janus-ssp/janus/issues/424