agentmilindu
commented
8 years ago Yes Kasun, we have to fix this. We can use bcrypt password hashing as @lucasjones did in #24
Open kasunbalasooriya opened 8 years ago
agentmilindu
commented
8 years ago Yes Kasun, we have to fix this. We can use bcrypt password hashing as @lucasjones did in #24
Currently the username and passwords are stored as plain text in the database. (except in the first instance when the administrator is created). The passwords can hashed and salted. (a separate table has to be created to store the salts)