
Don't leave the clear password on the config file

Open bota87 opened this issue 3 years ago • 5 comments

I suggest replacing the clear-text password with a hash on first start in the lit.conf file.

bota87 avatar Oct 18 '20 15:10 bota87

Thanks for the feedback @bota87. I agree you shouldn't store the plain-text password in a config file, though I'm not 100% sure that hashing it on first start is the ideal solution. In a production environment, I would encourage the use of the uipassword_env flag which pulls the value from an environment variable. This is pretty much a standard method throughout the industry for storing and using confidential data on secured systems. Maybe we should make this clear in the docs. I'm interested to know what others think on this topic as well.

jamaljsr avatar Oct 23 '20 17:10 jamaljsr

Hi @jamaljsr, thanks for your reply. I suggested this solution because it is the way I have seen this done in other projects like Ride The Lightning and ThunderHub. I think storing the hash of a password is always safer than storing the plain password, regardless of where it is saved, and preferable when, as I suppose is the case here, the software doesn't need to know it.

bota87 avatar Oct 23 '20 18:10 bota87

Even Bitcoin Core stores a hashed password in bitcoin.conf for rpcauth.

bota87 avatar Dec 06 '20 12:12 bota87

@jamaljsr , full support to the proposal of @bota87, lit can be used to rob your funds...

emplexity avatar Jan 09 '21 19:01 emplexity

Agreed. If it is specified via an env variable or file, the password is still stored in plaintext somewhere. It would be preferable to store the hashed version on disk so the plaintext copy only needs to be stored in memory for a short period of time.

An alternative config item should be easy to implement to avoid backwards compatibility issues. A new option like this would be really nice.

uipassword_hashed=a12f53f3220ab85414b7eb7f393d5d01d1f2b1b23f4806f229af705eae6c307a7132d2962c8e8620f5429b9ef702e97be376b96ee339e036bb6a5d216c11c480

tehelsper avatar Mar 31 '21 01:03 tehelsper
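The two ideas raised in the thread, the rpcauth-style hashed credential mentioned by @bota87 and the first-start migration to a `uipassword_hashed` option sketched by @tehelsper, worked through as an added Go example. This is not lightning-terminal's code and lit has no such option; the `uipassword_hashed` key, the `salt$hex` layout, the helper names and the sample lit.conf are assumptions for illustration. The hash is HMAC-SHA256 keyed with a per-install random salt, which is the construction Bitcoin Core's rpcauth uses, rather than a bare digest like the 128-hex-digit value posted above, so two installs with the same password do not end up with the same config entry, and the comparison at login is constant-time.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// hashedKey is a hypothetical config option; lit does not actually have it.
const hashedKey = "uipassword_hashed"

// NewSalt returns 16 random bytes, hex-encoded, for use as the HMAC key.
func NewSalt() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// HashPassword computes HMAC-SHA256(key=salt, msg=password), the same
// construction Bitcoin Core's rpcauth uses, and returns "salt$hex".
func HashPassword(password, salt string) string {
	mac := hmac.New(sha256.New, []byte(salt))
	mac.Write([]byte(password))
	return salt + "$" + hex.EncodeToString(mac.Sum(nil))
}

// VerifyPassword recomputes the HMAC with the stored salt and compares it
// to the stored digest in constant time. Malformed stored values are
// rejected rather than treated as an error the caller might ignore.
func VerifyPassword(stored, password string) bool {
	parts := strings.SplitN(stored, "$", 2)
	if len(parts) != 2 || parts[0] == "" {
		return false
	}
	want, err := hex.DecodeString(parts[1])
	if err != nil || len(want) != sha256.Size {
		return false
	}
	mac := hmac.New(sha256.New, []byte(parts[0]))
	mac.Write([]byte(password))
	return hmac.Equal(mac.Sum(nil), want)
}

// MigrateConfig replaces a plaintext "uipassword=..." line with a
// "uipassword_hashed=salt$hex" line, as the first-start migration proposed
// in the issue would. All other lines are kept verbatim.
func MigrateConfig(conf, salt string) string {
	lines := strings.Split(conf, "\n")
	for i, line := range lines {
		kv := strings.SplitN(strings.TrimSpace(line), "=", 2)
		if len(kv) == 2 && strings.TrimSpace(kv[0]) == "uipassword" {
			lines[i] = hashedKey + "=" + HashPassword(strings.TrimSpace(kv[1]), salt)
		}
	}
	return strings.Join(lines, "\n")
}

// LoadHashedPassword returns the value of uipassword_hashed from a
// lit.conf-style key=value file, skipping blank lines and comments.
func LoadHashedPassword(conf string) (string, error) {
	for _, line := range strings.Split(conf, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if len(kv) == 2 && strings.TrimSpace(kv[0]) == hashedKey {
			return strings.TrimSpace(kv[1]), nil
		}
	}
	return "", errors.New(hashedKey + " not set")
}

func main() {
	// Constructed sample config; not a real lit.conf.
	conf := "# sample lit.conf\nnetwork=mainnet\nuipassword=correct horse battery staple\n"
	salt, err := NewSalt()
	if err != nil {
		panic(err)
	}
	migrated := MigrateConfig(conf, salt)
	fmt.Println(migrated)

	stored, err := LoadHashedPassword(migrated)
	if err != nil {
		panic(err)
	}
	fmt.Println("correct password accepted:", VerifyPassword(stored, "correct horse battery staple"))
	fmt.Println("wrong password accepted:  ", VerifyPassword(stored, "hunter2"))
}
```

After the migration the plaintext exists only in the `password` argument for the duration of `HashPassword` and `VerifyPassword`; nothing on disk lets an attacker who reads lit.conf log in without first brute-forcing the salted HMAC.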