Password encryption and storage

[Durwin De La Rue]

Am I correct assuming the password is stored in MySQL? What encryption is used? Would it be easy for an external program to access this password (running on server)?

 

[Mike]

It is in the database. There are varying formats for the password, though the default is bcrypt. It would be possible for this to be accessed via the database directly, though this would require custom coding to authenticate.

 

[Tealk]

@Mike Is it still bcrypt in 2.x?

 

[Mike]

Yes. (Though 2.1 does also potentially expose some of the new options for password_hash if your PHP supports it. That's entirely opt-in via the config file though, as it also requires non-standard PHP compilations.)

 

[Tealk]

Thank you very much for the quick answer.

I'm currently trying to create a login with Nextcloud.

 

[Penguinexpert1]

@Tealk I had a go with that, and that plugin uses some assumptions on how the database is formatted. I recommend using https://apps.nextcloud.com/apps/user_backend_sql_raw - However I didn't succeed with this one either sadly.

 

[Tealk]

@Penguinexpert1 So far everything works except the login because bcrypt is not selectable.

 

[Penguinexpert1]

Interesting, thanks - I'll give it another go

 

[Tealk]

Interesting, thanks - I'll give it another go

And were you successful?

 

[Tealk]

With the API it should be feasible?

REST API endpoints (2.2)

This document assumes you have already created an API key and setup the necessary headers for your request. Learn more about using the API.

xenforo.com