Closed alexisbouchez closed 6 days ago
I'd be interested in helping out on this issue. I've reviewed the code and it appears that the portion of consideration is smtp_backend.go. Are you wanting to utilize the AuthMechanisms, Auth or create a new function altogether? Do you have standards you need to meet or will SHA256 be sufficient?
You can do it in the Auth function, and make sure to use bcrypt (as it is already used to hash passwords). Feel free to join the Discord server to discuss it further.
Moving to https://github.com/valyentdev/ferdinand
Context
As of today, SMTP API key values are stored in plaintext in the database.
The issue is that if the database gets leaked, the SMTP server will become vulnerable.
To fix this issue, we could hash the value, just as we would hash a user's password.
Tasks to solve this issue