entrepreneur-interet-general / OpenScraper

An open source webapp for scraping: towards a public service for webscraping
http://www.cis-openscraper.com/
MIT License
93 stars, 22 forks

Passwords are stored unobfuscated #45

Status: Open. thibault opened 5 years ago

thibault commented 5 years ago

Unless I'm mistaken, I noticed that user passwords are stored unobfuscated in the database.

It looks like quite an annoying issue.

Passwords should be salted and hashed using a brute-force-resistant hashing function like PBKDF2.

JulienParis commented 5 years ago

This was not supposed to stay that way, but ... too many things to do for so short time ...

Still... yes it's a problem to fix quite quickly, but the thing is: we already have some users (not that many, we could re-enter the info to recreate them), and more importantly if someone forgets their password there is currently no process in place to retrieve someone's password (for instance by sending an email with a protected route) ...

I put some ideas to fix that with the existing users here: https://github.com/entrepreneur-interet-general/OpenScraper/issues/46
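The two points raised in this thread, salted PBKDF2 hashing as thibault suggests and the question of what to do with the users already stored in plaintext, as an added example that is not OpenScraper's own code. The record format, iteration count and the "upgrade on next successful login" helper are assumptions of this example, not the project's decisions:

```python
import base64
import hashlib
import hmac
import os

# Assumed parameters (not from the OpenScraper issue): PBKDF2-HMAC-SHA256 with a
# 16-byte random salt per user. 600k iterations follows current OWASP guidance
# for PBKDF2-SHA256; tune it to the server's hardware.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$<iter>$<salt_b64>$<hash_b64>'."""
    salt = os.urandom(SALT_BYTES)  # fresh salt each call, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def is_hashed(stored: str) -> bool:
    """True if the stored value is already a PBKDF2 record (vs. a legacy plaintext entry)."""
    return stored.startswith(ALGORITHM + "$")


def verify_password(password: str, stored: str) -> bool:
    """Recompute PBKDF2 with the stored salt/iterations and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, hash_b64 = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False  # malformed record: reject rather than crash
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def login_and_upgrade(password: str, stored: str):
    """Authenticate against either record type. Returns (ok, record_to_persist):
    on a successful login against a legacy plaintext entry, the caller gets a
    new PBKDF2 record to write back, so existing users migrate without a reset."""
    if is_hashed(stored):
        return verify_password(password, stored), stored
    ok = hmac.compare_digest(password.encode("utf-8"), stored.encode("utf-8"))
    return ok, (hash_password(password) if ok else stored)
```

Once every stored record passes `is_hashed`, the plaintext branch in `login_and_upgrade` can be removed.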