RokeJulianLockhart / 20-hour-project-dice-game


Insecure storage of credentials #13

Open leotovell opened 8 months ago

leotovell commented 8 months ago

I see you store credentials in plaintext. Perhaps I could suggest using a simple hashing algorithm such as SHA256 (always makes a 64-char hash, so it is manageable). Then just simply rehash the submitted password and compare it to that in the file :D

RokeJulianLockhart commented 8 months ago

Well, that's what I get for blindly trusting Replit and letting them manage the integration. Thanks, @LeoTovell. I'd rather use a secret manager than a hash algorithm since I'd probably need to salt it too, so I'll just nuke the affected files and invalidate the credentials since they're in the git log already and I'd rather not recreate the .git if possible.

Oh, I get it! Just did https://github.com/search?q=repo%3ARokeJulianLockhart%2F20-hour-project-dice-game%20password&type=code and you must have been talking about https://github.com/RokeJulianLockhart/20-hour-project-dice-game/blob/709e53ad22a100939db4881afcb0aa9673e8515c/main.py#L90
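The two suggestions above (hash the stored password and compare the rehash of the submitted one; salt it as well) side by side with the plaintext pattern being replaced. This is an added example, not code from the 20-hour-project-dice-game repository; it uses PBKDF2-HMAC-SHA256 from the standard library rather than a bare SHA256 so the salt and work factor are built in, and the record format, function names and the `users` dict are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # PBKDF2 work factor: slows down offline guessing of leaked records


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user: equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Rehash the submitted password with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:  # malformed record (e.g. a leftover plaintext entry) never verifies
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


# Before: the password itself sits in the file and is compared directly.
def login_plaintext(users: dict, username: str, password: str) -> bool:
    return users.get(username) == password


# After: only the salted hash record is stored; the file no longer reveals the password.
def login_hashed(users: dict, username: str, password: str) -> bool:
    record = users.get(username)
    return record is not None and verify_password(password, record)


if __name__ == "__main__":
    # Constructed sample user store (assumption; the real file layout is not shown here).
    users = {"alice": hash_password("correct horse battery")}
    print(users["alice"])                                  # record, not the password
    print(login_hashed(users, "alice", "correct horse battery"))  # True
    print(login_hashed(users, "alice", "wrong guess"))     # False
```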

RokeJulianLockhart commented 8 months ago

@JaredRichardWilliam, listen to this guy - he knows what he's doing. By the way, we should probably transfer the REPL to your account at some point. Since there are Python libraries for this, it's actually not that difficult, and in this case is probably actually easier than using a secret manager's API. It's definitely more portable.

leotovell commented 8 months ago

I know this is not a chat forum, but is the project brief online anywhere? I'm in dire need of some inspiration for something to code...

RokeJulianLockhart commented 8 months ago

You'd be best asking https://canary.discord.com/users/480293481395519501 for that document specifically. However, if you need things to code, I can send you a myriad of things I've not been able to finish! XD

leotovell commented 8 months ago

Please do send them over. Send them to me on Discord (galileocs is my username).

RokeJulianLockhart commented 8 months ago

I think you've blocked me on there though, ya fat bastard

leotovell commented 8 months ago

I most certainly haven't. I tried to send you a message and got this :D

RokeJulianLockhart commented 8 months ago

I'm getting the same though?!