From 5dc9b1db12c1f2df52a31c1e783c0705bad6007b Mon Sep 17 00:00:00 2001 From: Sebastian Sterk Date: Thu, 1 Aug 2019 12:53:46 +0200 Subject: [PATCH] Add warning for plaintext passwords, set default password mode to secure Signed-off-by: Sebastian Sterk --- README.md | 5 ++++- lib/xmpp.php | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bf62121..85e886c 100644 --- a/README.md +++ b/README.md @@ -195,7 +195,7 @@ Add the following to your `config.php`: 2 => 'dbuser', 3 => 'dbuserpassword', 4 => 'xmppdomain', - 5 => true, + 5 => true, ), ), ), @@ -207,6 +207,9 @@ Add the following to your `config.php`: 4 - XMPP Domain 5 - Hashed Passwords in Database (true) / Plaintext Passwords in Database (false) +**⚠⚠ Warning:** If you need to set *5 (Hashed Password in Database)* to false, your Prosody Instance is storing passwords in plaintext. This is insecure and not recommended. We highly recommend that you change your Prosody configuration to protect the passwords of your Prosody users. ⚠⚠ + + Alternatives ------------ Other extensions allow connecting to external user databases directly via SQL, which may be faster: diff --git a/lib/xmpp.php b/lib/xmpp.php index 7e718a7..3d787ce 100644 --- a/lib/xmpp.php +++ b/lib/xmpp.php @@ -22,7 +22,7 @@ class OC_User_XMPP extends \OCA\user_external\Base { private $xmppDomain; private $passwordHashed; - public function __construct($host, $xmppDb, $xmppDbUser, $xmppDbPassword, $xmppDomain, $passwordHashed) { + public function __construct($host, $xmppDb, $xmppDbUser, $xmppDbPassword, $xmppDomain, $passwordHashed = true) { parent::__construct($host); $this->host = $host; $this->xmppDb = $xmppDb;