scripts icon indicating copy to clipboard operation
scripts copied to clipboard
verified publisher icon weechat

iset shouldn't show passwords in plaintext

Open gsingh93 opened this issue 10 years ago • 3 comments

I was configuring some server setting with iset, and I saw my password in plaintext right above it. This normally hidden with normal weechat commands (i.e. /server add), but iset doesn't hide it.

gsingh93 avatar Oct 10 '15 02:10 gsingh93

you can use: /secure best thing you can do anyways, even if password is hidden.

highflyer77 avatar Oct 10 '15 03:10 highflyer77

I may be wrong, but I don't think triggers can affect iset and if they could it being external script, WeeChat probably shouldn't ship with a trigger for it.

Mikaela avatar Oct 10 '15 04:10 Mikaela

@highflyer77 I didn't know about that, it's awesome.

(Although, if the hash is included in the sec.conf file as a signature instead just some corruption check, it should really be an HMAC... But that's offtopic for this issue.)

gsingh93 avatar Oct 10 '15 05:10 gsingh93