From dd83f184a95b7bed04a8280383da9efbd680b978 Mon Sep 17 00:00:00 2001 From: clach04 Date: Sun, 2 Apr 2023 08:53:08 -0700 Subject: [PATCH] clarify password hashing Code hashes (a best practice) passwords rather than encrypting them. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b09f1f9..0dfa940 100644 --- a/README.md +++ b/README.md @@ -71,9 +71,9 @@ password = verySecret write = true ``` -Note that PicoDAV will replace this password with an encrypted version the next time it is accessed, don't worry about that, this is for extra safety, just in case the `.picodav.ini` is accessed by a hacker if you made mistake in your web server configuration. +Note that PicoDAV will replace this password with a hashed version the next time it is accessed, don't worry about that, this is for extra safety, just in case the `.picodav.ini` is accessed by a hacker if you made mistake in your web server configuration. -Here is an example of the password once it has been encrypted: +Here is an example of the password once it has been hashed: ``` password = '$2y$10$fbdabTjNPN3gMAUlaSEoR.kKHLnh0yMGneuJ7P2AOhSSNr8gUaCPu'