Code: Select all
MD5Password=b05a1df962c7a8ba330b33de3b64e07f
Well, the config is in share location like /etc.KaraokeStu wrote:I guess it may be possible to enable a config option for example, you would leave the password blank and have the following:
Which happens to be the MD5 hash of "nzbget"Code: Select all
MD5Password=b05a1df962c7a8ba330b33de3b64e07f
This basically is one-way encryption, so you would encrypt your password first and store it in the config file.
Then NZBGet will MD5 your input and check against the hash stored in the config file.
If they match, then its obviously the right password, if not then it's wrong.
The problem you have is if you forget your password with this method.
I also don't see the problem in storing the password within the file as it is not accessible by anyone else (or shouldn't be, if you have your security setup correctly)
Is it more you are worried about it being available via NZBGetWeb ?
I do have a few people using my box via SSH. /etc is viewable to them without sudo/root.KaraokeStu wrote:But surely the only people that would have access to /etc would be people that have direct access to your linux machine?
As far as I'm aware /etc is never shared by default on SAMBA or CIFS, so nobody outside of your box would have access to it.
Also, if they have access to your box, they could just change the password themselves anyway?
Yes, I guess. I was hoping to share the access.KaraokeStu wrote:Gotcha....
Well you could move the config file somewhere they cant access?
You can use NZBGet -c [configfile] to load it that way?
You could store the md5 hash of the password in the config-file. And let the nzbget compare the md5 hash of the user supplied password, with the hash in the config-file. If they match, the password should be oke. (amule webinterface is using this principle)hugbug wrote:If passwords are enctrypted in config file the program should know the master password. So it must be built into executable. Since a built-in password can be easily read from source code that kind of encryption would be not secure.
Users browsing this forum: No registered users and 46 guests