Add warning for plaintext passwords, set default password mode to secure

Signed-off-by: Sebastian Sterk <sebastian@wiuwiu.de>
2019-08-01 12:53:46 +02:00
parent 66747dbaa9
commit 5dc9b1db12
2 changed files with 5 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -195,7 +195,7 @@ Add the following to your `config.php`:
                    2 => 'dbuser',
                    3 => 'dbuserpassword',
                    4 => 'xmppdomain',
-		    5 => true,
+                    5 => true,
                ),
            ),
    ),
@@ -207,6 +207,9 @@ Add the following to your `config.php`:
 4 - XMPP Domain
 5 - Hashed Passwords in Database (true) / Plaintext Passwords in Database (false)

+**⚠⚠ Warning:** If you need to set *5 (Hashed Password in Database)* to false, your Prosody Instance is storing passwords in plaintext. This is insecure and not recommended. We highly recommend that you change your Prosody configuration to protect the passwords of your Prosody users. ⚠⚠
+
+
 Alternatives
 ------------
 Other extensions allow connecting to external user databases directly via SQL, which may be faster: