Topic: Bug: password handling

It is inconvenient to have the password stored in a separate file from the config file. I was told this was for security, but config.xml and jbcore/pswd.php are both accessible from the client side. To be secure, instead of storing passwords in plain text in any file, passwords should be passed through a secure digest such as SHA-2 and the result of that process stored. If this approach is taken, they can be in config.xml, because knowing these values does not inform anyone of the passwords themselves.

Re: Bug: password handling

... but config.xml and jbcore/pswd.php are both accessible from the client side.

A gallery's 'config.xml' file is easily found and visible to all but no web site visitor should be able to access the contents of a gallery's 'pswd.php' file (as long as the web server is configured correctly).
Also, in my experience, people don't seem to use very secure passwords for their Juicebox galleries.
Typically, people like to password protect galleries to allow only friends and family to view them and frequently use passwords which are easy to remember.
With rainbow tables readily available on the internet, keeping a password hidden in a PHP file might still be a better option than putting its hashed form in plain view (especially for weak passwords).
However, this is a design choice for the developers to make so I've copied your post to the Feature Requests thread here.

Re: Bug: password handling

I agree that weak passwords are very likely for family photo galleries -- even for me as a security-minded person. But, it is not much more work to generate and then store a secure hash than a plain text password, and even though rainbow tables will conquer weak passwords, if any of your customers care to use good passwords, they can have high confidence in the security of their perhaps more sensitive images. A simple mistake (or malicious act) in server administration or a .htaccess file can result in a PHP file being sent out as plain text instead of causing it to be processed by the PHP module on the web server. This is why it is better to use a secure digest or a file outside of docroot instead of plaintext embedded in a PHP file. Since your customers typically will not be able to utilize a file outside of docroot, the hash is the most secure option remaining.

Re: Bug: password handling

There is no doubting that a hashed password is more secure than a plain text one.
It is certainly something for the developers to consider.
Thank you, once again, for your suggestion.
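
The hashed storage discussed in this thread, as an added example that is not part of the original posts and is not Juicebox code: it contrasts an unsalted SHA-256 digest with a salted, slow hash from PHP's built-in `password_hash()`. All function names and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration; not Juicebox code. Function names are hypothetical.

// Unsalted SHA-256: one password always yields one digest, which is the
// property precomputed (rainbow) tables depend on.
function unsalted_digest(string $password): string
{
    return hash('sha256', $password);
}

// Salted, deliberately slow hash. password_hash() generates a random salt
// and embeds the algorithm, cost and salt in the string it returns, so the
// record can be stored as a single value.
function make_record(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Check a submitted password against a stored record. password_verify()
// reads the salt and cost back out of the record itself.
function check_password(string $candidate, string $record): bool
{
    return password_verify($candidate, $record);
}

// Report whether a record was made with different parameters than the
// ones above and should be regenerated at the next successful login.
function is_stale(string $record): bool
{
    return password_needs_rehash($record, PASSWORD_BCRYPT, ['cost' => 12]);
}

$password = 'family2012'; // constructed sample password

// Two records for the same password, e.g. two galleries sharing one.
$a = make_record($password);
$b = make_record($password);

// Compare how the two schemes treat a repeated password.
var_dump(unsalted_digest($password) === unsalted_digest($password));
var_dump($a === $b);

// Both salted records still verify the right password and reject a wrong one.
var_dump(check_password($password, $a));
var_dump(check_password($password, $b));
var_dump(check_password('not-the-password', $a));
var_dump(is_stale($a));
```

The per-record salt removes the precomputed-table shortcut mentioned above; a weak password can still be guessed directly if its record is readable, so the cost factor and the password's strength both still matter.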