clarify password hashing

Code hashes (a best practice) passwords rather than encrypting them.

FossilOrigin-Name: 274a3d24e13dc8b578f57cb326c80dba0e98c9ad45163d2d4ccf05183685194d
This commit is contained in:
clach04@gmail.com 2023-04-02 15:53:08 +00:00
parent a8caf078eb
commit 2cba34c499

View file

@ -71,9 +71,9 @@ password = verySecret
write = true
```
Note that PicoDAV will replace this password with an encrypted version the next time it is accessed, don't worry about that, this is for extra safety, just in case the `.picodav.ini` is accessed by a hacker if you made mistake in your web server configuration.
Note that PicoDAV will replace this password with a hashed version the next time it is accessed, don't worry about that, this is for extra safety, just in case the `.picodav.ini` is accessed by a hacker if you made mistake in your web server configuration.
Here is an example of the password once it has been encrypted:
Here is an example of the password once it has been hashed:
```
password = '$2y$10$fbdabTjNPN3gMAUlaSEoR.kKHLnh0yMGneuJ7P2AOhSSNr8gUaCPu'