Hi
I am creating a new plugin that requires the persons username and password in order to log in and update a dns entry. Is there anyway to hide the password entered and stored as a variable?
So I have an input box and a save button… But I don’t like the idea that I have now saved that to the variable list that someone could go and look at…
You can always saved the hashed variable.
Thanks… Could you point me to an example of this?
Sent from my A0001 using Tapatalk
Check:
Cryptographic hash function - Wikipedia
There are a lot of options depending on security … then you have to map to languages where you need to access the password (js, lua ?)
From your description it looks like you will need to have access to the raw password in order to log in to the service. Hashing, as suggested by Richard, would only be an option if it was reversible, that is, you can get the raw password back from the hashed password. Not all hash functions are reversible. (Some people use the word “hash” to mean something that is by definition not reversible.)
Incidentally, this problem is part of the reason that more complicated authentication systems like OAuth were developed. But using them requires support from the other end on the web service and it seems you do not have that luxury.
So, assuming that you have to store the raw password somewhere: you could write it to a file on the Vera, and have your plugin read it at startup. Lua variables in the plugin, even global ones, are not shown in the web UI. They also don’t persist through a Luup reload, which is why you have to do work at Luup startup.
Ultimately, this is a game of security-through-obscurity. If your plugin can get the password, so can a determined user. You have to weigh up how obscure is good enough for you.
Best Home Automation shopping experience. Shop at Ezlo!
© 2024 Ezlo Innovation, All Rights Reserved. Terms of Use | Privacy Policy | Forum Rules