I’m interested to understand how we can use secrets manager for password storage. Do you have any documentation on this?
Ah ok, so you don’t support secrets manager per se, you’re suggesting we build our own auth system using it?
Quick question, are you running the trains-server over http or https?
We’d be using https in production.
If you can reverse the hash you’re doing it wrong. A hashed password should be of no use to anyone, that’s the whole point. The application should only ever compare the hashed values of a password. This is basic application security.
This seems to me quite a fundamental security issue. Do you have a roadmap which includes resolving things like this?
This would not solve the issue of server admins knowing everybody’s passwords, would it?
The concern is that users’ passwords are stored in plain text.