Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure Password Exchange #21

Open
operant opened this issue Feb 28, 2017 · 1 comment
Open

Secure Password Exchange #21

operant opened this issue Feb 28, 2017 · 1 comment
Assignees
@operant
Labels
enhancement med priority team auth

Comments

@operant
Copy link
Collaborator

operant commented Feb 28, 2017

Due to the potential security risks associated with the various SSL configuration options, the password should not be provided as straight plaintext to the server. Instead, the PyNaCl library will provide a very secure public key exchange method for passing this password from the client to the server. Should mitigate MITM attacks.
@operant operant self-assigned this Feb 28, 2017
@operant
Copy link
Collaborator Author

operant commented Mar 11, 2017

Might instead use PyNaCl for password exchange if a self-signed cert is being used.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@operant operant

Labels
enhancement med priority team auth
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@operant