Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Software > Calibre

Notices

Reply
 
Thread Tools Search this Thread
Old 04-26-2018, 03:06 PM   #1
Vicendithas
Junior Member
Vicendithas began at the beginning.
 
Posts: 1
Karma: 10
Join Date: Feb 2017
Device: Kindle Paperwhite 3
Web Server Password Encryption

I recently set up my Calibre library to use the web server feature so that I could access my library from anywhere, as well as give friends and family access to my books. I set it up such that it requires a username and password, mostly because I don't want someone random stumbling upon it and deleting all my books. Out of curiosity, I downloaded a database reader to open the server-users.sqlite file that is stored in %APPDATA%/calibre. I found that the passwords are stored in plaintext. It's not a huge deal because someone would have to get access to my computer to get those passwords, but it's probably something that should be addressed eventually.

Regards,

Vicendithas
Vicendithas is offline   Reply With Quote
Old 04-26-2018, 10:01 PM   #2
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 33,381
Karma: 10205094
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
The passwords have to be stored in plaintext, because otherwise you lock-in a single auth method (you would have to store the MD5 hash of the password for digest auth). This has various problems:

1) The stored password can only be used for digest auth or plaintext auth. No other auth schemes that might be developed in the future can be used.
2) MD5 is broken and so storing using an MD5 hash is only a marginal improvement over storing in plaintext.
kovidgoyal is offline   Reply With Quote
Advert
Reply

Tags
password, plaintext, security, server, wumbology

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Server password change Gazerwolf Calibre 2 06-30-2017 07:26 AM
The state of access protection (password/encryption) on e-reader devices fx32 Which one should I buy? 11 12-13-2016 10:43 PM
Porting Calibre's built-in web server to a remote server? perryja Related Tools 6 05-02-2013 09:05 AM
Password in content server Siemon@stegmeije Library Management 2 12-10-2012 03:10 PM
calibre-server OPDS catalog - manual move to web server HaakonME Related Tools 5 09-21-2012 03:11 AM


All times are GMT -4. The time now is 09:29 PM.


MobileRead.com is a privately owned, operated and funded community.