sensepost / DET

(extensible) Data Exfiltration Toolkit (DET)
MIT License

password in clear text #13

Open vladimircicovic opened 6 years ago

vladimircicovic commented 6 years ago

This is wrong:

```json
"gmail": { "username": "dataexfil@gmail.com", "password": "ReallyStrongPassword", "server": "smtp.gmail.com", "port": 587 }
```

it must be like:

```json
"gmail": { "username": "dataexfil@gmail.com", "password": "51727212cfae625b763d7e053d55e3a8a36d0b4465b95428b46340d66cae8f97", "somerndstring": "somerandomstring", "server": "smtp.gmail.com", "port": 587 }
```

where password = sha256(somerandomstring + ReallyStrongPassword)

Leaving the password in clear text is the wrong way to do it.

vladimircicovic commented 6 years ago

Also, there is a better way: encrypt the password with a password, so it is decrypted when it runs (the user needs to enter the passwords).