nylas / sync-engine

IMAP/SMTP sync system with modern APIs
https://nylas.com/docs/platform
GNU Affero General Public License v3.0

Passwords in database are in clear text #440

Closed scottix closed 7 years ago

scottix commented 7 years ago

Problem: Passwords are stored in clear text

Steps to reproduce:
- inbox-auth account
- log in to mysql database
- SELECT * FROM secrets;
- Password for email shown in clear text

Expected: Encrypted password in database

pfista commented 7 years ago

Thanks for reporting this. As per our readme:

For the sake of simplicity and setup speed, the development VM does not include any authentication or permission. For developing with sensitive data, we encourage developers to add their own protection, such as only running Nylas on a local machine or behind a controlled firewall. Note that passwords and OAuth tokens are stored unencrypted in the local MySQL data store on disk. This is intentional, for the same reason as above.