Wruczek / ts-website

A website for your TeamSpeak 3 server
https://ts.wruczek.tech
GNU General Public License v3.0
339 stars 80 forks

Protect query_password #110

Closed molidev closed 5 years ago

molidev commented 5 years ago

Good morning, I saw in the database that query_password is stored in plain text. I would recommend that you store this field encrypted (for example with SHA-512).

Wruczek commented 5 years ago

Query password is not used for user authentication, it is sent to the TeamSpeak Query Interface in plaintext form. One-way hashing functions (like SHA*) will not work for that purpose.

The only option here would be not to hash, but to encrypt it. But I don't think it's worth it.

Bluscream commented 5 years ago

The only thing we can do is base64encode/decode so it's not completely obvious

Wruczek commented 5 years ago

Yeah, that will improve security by a lot XD

Bluscream commented 5 years ago

> Yeah, that will improve security by a lot XD

Well, it will scare people that think everything with a = at the end is encrypted and the people that are too stupid to decode it.
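
The three options raised in this thread, side by side, as an added example that is not part of the original issue or of ts-website's code. It assumes PHP with the bundled sodium extension; the sample password, `protectSecret`, `revealSecret` and the key handling are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample value, not a real credential.
$queryPassword = 'Ex4mple-Query-Pass';

// 1) SHA-512 is one-way: the digest can be compared against a guess, but the
//    original string needed for the query login cannot be recovered from it.
$digest = hash('sha512', $queryPassword);

// 2) Base64 is an encoding with no key: reading the column is enough.
$encoded = base64_encode($queryPassword);
$recoveredWithoutKey = base64_decode($encoded, true);

// 3) Authenticated encryption (libsodium secretbox). Assumption: the key is
//    kept outside the database, so a database dump alone does not expose it.
function protectSecret(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function revealSecret(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        throw new RuntimeException('Stored value is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Wrong key or tampered ciphertext');
    }
    return $plain;
}

$key = sodium_crypto_secretbox_keygen(); // generated once, stored outside the DB
$stored = protectSecret($queryPassword, $key);

printf("sha512 digest   : %s... (cannot be reversed)\n", substr($digest, 0, 16));
printf("base64 column   : %s -> %s (no key needed)\n", $encoded, $recoveredWithoutKey);
printf("secretbox column: %s\n", $stored);
printf("with key        : %s\n", revealSecret($stored, $key));
try {
    revealSecret($stored, sodium_crypto_secretbox_keygen()); // a different key
} catch (RuntimeException $e) {
    printf("without key     : %s\n", $e->getMessage());
}
```

Encryption only helps against someone who obtains the database but not the key; the application itself must still be able to decrypt the value before sending it.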