Subj : Re: Password Salt
To   : g00r00
From : Andy Gorman
Date : Sun May 02 2021 03:06 pm

On 02 May 2021, g00r00 said the following...
 
 g0> Ok let me know how that works out we can also look into the REST API
 g0> side too if you have patience to wait/test it lol.

It works pretty well so far.  If anyone wants to see it in action, create an account on my BBS (bbs.thepotogold.net:4888) and then go here:  https://api.thepotogold.net/UserCheck?u=<your username>&pw=<your password> It will return true if you entered the right info and false if you didn't.

As for testing your version, I'd more than happy to test it out with you.

 g0> for them.  I think I also have an undocumented variation of the -auth
 g0> command that accepts a SHA512 hash too if you want to avoid passing
 g0> cleartext command lines.

I'm only passing unecrypted values between the API and the bbs (both on the same system), so I'm not as worried about clear text.  The API is using SSL, so it's encrypted right from the user's browser that may be using it.

 g0> I did carve out a /mysapi/ endpoint on the webserver for the REST side
 g0> but there isn't a command to validate a password (yet).

Interesting.  Is that there now or is it in development?

Andy
--- Mystic BBS v1.12 A47 2021/04/20 (Windows/32)
 * Origin: The Pot O'Gold - bbs.thepotogold.net:4888 (1:229/426.52)

.