User passwords stored in plaintext

The documentation describes a method to use a internal authentication method to secure jitsi. (https://github.com/jitsi/jicofo#secure-domain)

This configures prosody to use the internal_plain authentication provider which saves user passwords in plaintext.

Thanks for the report! I updated the doc here:

Boris

1 Like

Could you please update the Docs to include the Path where the User-Athentication Infos are stored?

It would be also appreciated to include a hint about how to create a hashed password.

If you change your authentication option from “internal_plain” to “internal_hashed” your passwords will be hashed automatically.

  1. When you create a new user: Password will be hashed and stored in data store /var/lib/prosody/your-jitsi-meet-domain/accounts (Debian based systems)

  2. When you have users with plain passwords stored in /var/lib/prosody/your-jitsi-meet-domain/accounts (Debian based systems): an user password will be hashed and stored back in data store after first user login.

2 Likes