-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implemented password hashing using bcrypt #8
Implemented password hashing using bcrypt #8
Conversation
e57cb04
to
9399072
Compare
bb324e3
to
621622b
Compare
vspd.go
Outdated
@@ -37,6 +38,12 @@ func main() { | |||
} | |||
} | |||
|
|||
// hashPassword hash cfg.AdminPass and returns the hash. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// hashPassword hash cfg.AdminPass and returns the hash. | |
// hashPassword hashes cfg.AdminPass and returns the hash. |
webapi/admin.go
Outdated
@@ -197,12 +198,18 @@ func ticketSearch(c *gin.Context) { | |||
}) | |||
} | |||
|
|||
// CheckPasswordHash compare hash value of password with hash. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// CheckPasswordHash compare hash value of password with hash. | |
// CheckPasswordHash compares the hash value of the provided password with the provided hash. |
621622b
to
e8e5864
Compare
Per SEI CERT C Coding Standard This uses bcrypt is a special type of hashing package designed solely for password hashing to hash the admin password. VSP operators can start vspd without a password in the config or commandline after first initiating vspd with an admin password. VSP operators update admin password when they provide it via config or commandline. |
Please review this implementation, I can make changes where needed.