Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passwd File Management #1873

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Passwd File Management #1873

wants to merge 3 commits into from

Conversation

kodamaChameleon
Copy link

Pull Request: User Management Enhancements

Summary

This pull request introduces the following changes:

  1. Adds .venv to .gitignore to ignore virtual environments.
  2. Adds sfusers.py to manage users and passwords in the password file ~/.spiderfoot/passwd.
  3. Updates sf.py to use the username:realm:ha1 format from passwd instead of username:password.

Commits

Commit ef2d608a1b76ff3dc3a133020d4329171997d664

Add .venv to .gitignore
This commit updates the .gitignore file to include .venv directory commonly used for isolating python virtual environments. Ignoring this directory helps prevent unnecessary files from being tracked by Git.

  • Prevents clutter in the repository by excluding environment-specific files.
  • Reduces the risk of accidentally committing sensitive or irrelevant files.
  • Keeps the repository clean and focused on the source code.

Commit 017a206fcdb5df37140fc1e4386190db596aea80

Update sf.py to use username:realm:ha1 format
This commit updates sf.py to read and process the ~/.spiderfoot/passwd file using the username:realm:ha1 format instead of the username:password format. This change aligns with the more secure practice of storing hashed passwords.

  • Enhances security by using hashed passwords instead of plain text passwords.
  • Makes the system more robust against potential password breaches.
  • Aligns the password storage format with industry best practices for authentication.

Commit d2ff0c8c2ba3db66de460167a941e762346ee0ba

Add sfusers.py for user management
This commit introduces a new script, sfusers.py, to manage users and passwords in the ~/.spiderfoot/passwd file. This script provides functionalities to add, update, and delete users, as well as hash their passwords for secure storage.

  • Centralizes user management functionality, making it easier to maintain and extend.
  • Enhances security by hashing passwords before storing them.
  • Simplifies the process of managing user credentials, which improves overall user experience and system administration.

Conclusion

These changes collectively improve the security, maintainability, and usability of the project. Ignoring virtual environments prevents unnecessary files from cluttering the repository. Introducing sfusers.py provides a centralized and secure method for managing user credentials. Updating sf.py to use hashed passwords enhances security and aligns with best practices such as secure by design.

All changes have been tested for functionality in a virtual environment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kodamaChameleon