Don't store plaintext passwords

http://dbareactions.tumblr.com/post/41455377237/when-i-see-app-passwords-stored-in-clear-text-in
author: Paul Arthur <paul.arthur@flowerysong.com> 2013-02-12 10:49:11 -0500
committer: Paul Arthur <paul.arthur@flowerysong.com> 2013-03-28 16:56:22 -0400
commit: 58ba28b0d36d3b823e8631814888f604dd82510d (patch)
tree: 114c3f3b1702c411cef2288027597a2da410d8c4 /lib/class
parent: 4b4e7decf647ec235d8c7dff0757e2e4924f0fb5 (diff)
download: ampache-58ba28b0d36d3b823e8631814888f604dd82510d.tar.gz
ampache-58ba28b0d36d3b823e8631814888f604dd82510d.tar.bz2
ampache-58ba28b0d36d3b823e8631814888f604dd82510d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/class/catalog.class.php b/lib/class/catalog.class.php
index 88d63674..1e2878bf 100644
--- a/lib/class/catalog.class.php
+++ b/lib/class/catalog.class.php
@@ -241,7 +241,7 @@ class Catalog extends database_object {
         $rename_pattern = $data['rename_pattern'];
         $sort_pattern = $data['sort_pattern'];
         $remote_username = $type == 'remote' ? $data['remote_username'] : '';
-        $remote_password = $type == 'remote' ? $data['remote_password'] : '';
+        $remote_password = $type == 'remote' ? hash('sha256', $data['remote_password']) : '';
 
         $sql = 'INSERT INTO `catalog` (`name`, `path`, `catalog_type`, ' .
             '`rename_pattern`, `sort_pattern`, `remote_username`, ' .
author	Paul Arthur <paul.arthur@flowerysong.com>	2013-02-12 10:49:11 -0500
committer	Paul Arthur <paul.arthur@flowerysong.com>	2013-03-28 16:56:22 -0400
commit	58ba28b0d36d3b823e8631814888f604dd82510d (patch)
tree	114c3f3b1702c411cef2288027597a2da410d8c4 /lib/class
parent	4b4e7decf647ec235d8c7dff0757e2e4924f0fb5 (diff)
download	ampache-58ba28b0d36d3b823e8631814888f604dd82510d.tar.gz ampache-58ba28b0d36d3b823e8631814888f604dd82510d.tar.bz2 ampache-58ba28b0d36d3b823e8631814888f604dd82510d.zip