As mentioned before, I'm working on an API that will read certain
aspects of the data for a client of mine and all I have left to do is
to synch up the password hashes. Does anyone know what salt was used
to create the hashes? That way I can do an active comparison of
passwords and not use unecrypted storage.
I go back and forth as to whether or not I should document how to handle the hashes directly for something like what you want to do. But I would certainly hate for that to be the cause for someone to enable cleartext passwords (which is a feature I have considered removing as well).
Would the STDIO or REST API work for you as an alternative or is what
you are doing designed to work directly with data files only?
I'm going to try to capture the STDIO and see if I can get that to work.
If the re was a REST API, then that would be even better. Thanks for
all your support!
Ok let me know how that works out we can also look into the REST API
side too if you have patience to wait/test it lol.
for them. I think I also have an undocumented variation of the -auth command that accepts a SHA512 hash too if you want to avoid passing cleartext command lines.
I did carve out a /mysapi/ endpoint on the webserver for the REST side
but there isn't a command to validate a password (yet).
Sysop: | Eric Oulashin |
---|---|
Location: | Beaverton, Oregon, USA |
Users: | 91 |
Nodes: | 16 (0 / 16) |
Uptime: | 07:45:29 |
Calls: | 4,903 |
Calls today: | 4 |
Files: | 8,491 |
Messages: | 350,504 |
Posted today: | 1 |