complete (insecure) password fetching on registration

2018-05-27 13:00:48 +02:00
parent 083c848347
commit a8903dcf9a
8 changed files with 38 additions and 13 deletions

@@ -47,6 +47,12 @@ When using `operationMode=local` you can have the following benefits (some requi
To allow the bot to verify the email address of the user and to interact with them e.g. in case of approval this bot needs a running mailserver configuration.
This bot relies on php to be properly configured.
### Security: Passwords for registration are stored in clear text
Currently the passwords which are typed in while capturing the register request are stored in clear text.
It is currently strongly recommended to set `"getPasswordOnRegistration" => false` in your config!
This leads to autocreating passwords which will then be send to the users directly
without storing it.
### Use the ChangePasswortInterceptor (if `operationMode=local`)
To allow users to change their pasword you need a reverse proxy which maps `/_matrix/client/r0/account/password` to `internal/intercept_change_password.php`.
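Review bot: The new "Security" section warns that captured registration passwords are stored in clear text, but it leaves out what an operator needs to act on that: where the passwords are stored, how long they are kept, and what `getPasswordOnRegistration` defaults to. Please state the default next to the recommendation `"getPasswordOnRegistration" => false`. If the default is currently `true`, consider flipping it so the documented safe value is what a fresh install gets. The fallback described here sends the auto-created password "to the users directly", which means the credential travels by mail in readable form, so the section should also tell users to change it after first login (the `ChangePasswortInterceptor` section just below covers how). Wording: "will then be send" should read "will then be sent", and a blank line before the `### Security` heading would keep it from running into the preceding paragraph in some Markdown renderers.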