github-actions[bot]
commented
3 years ago Thank you for helping out the development of this project by placing your first issue. The team behind nwa will address its issues as soon as possible. Best regards, the developers.
The passwords belonging to people's houses are being hashed before travelling through TTN, and then unhashed by the server. This is all fine. The passwords are however not hashed before being saved to the database files. These files are only meant to be stored locally and aren't human-readable, but in case someone has access to the server program and the corresponding database files for a neighborhood, it would be possible to retrieve the information fairly easy.
Therefore, the passwords should be hashed before being saved to the database, and the retrieval of logindata over TTN should account for this.