From: Remi Gacogne Date: Wed, 31 Mar 2021 07:06:45 +0000 (+0200) Subject: auth: Document that the webserver password and API key can be hashed X-Git-Tag: dnsdist-1.7.0-alpha1~12^2~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a1c292163864f5832c7cdbff48e2fce6c4055f1;p=thirdparty%2Fpdns.git auth: Document that the webserver password and API key can be hashed --- diff --git a/docs/http-api/index.rst b/docs/http-api/index.rst index 34c01e4c39..60b449fff9 100644 --- a/docs/http-api/index.rst +++ b/docs/http-api/index.rst @@ -16,7 +16,7 @@ The following webserver related configuration items are available: * :ref:`setting-webserver`: If set to anything but 'no', a webserver is launched. * :ref:`setting-webserver-address`: Address to bind the webserver to. Defaults to 127.0.0.1, which implies that only the local computer is able to connect to the nameserver! To allow remote hosts to connect, change to 0.0.0.0 or the physical IP address of your nameserver. -* :ref:`setting-webserver-password`: If set, viewers will have to enter this plaintext password in order to gain access to the statistics, in addition to entering the configured API key on the index page. +* :ref:`setting-webserver-password`: If set, viewers will have to enter this password in order to gain access to the statistics, in addition to entering the configured API key on the index page. * :ref:`setting-webserver-port`: Port to bind the webserver to. * :ref:`setting-webserver-allow-from`: Netmasks that are allowed to connect to the webserver * :ref:`setting-webserver-max-bodysize`: Maximum request/response body size in megabytes diff --git a/docs/settings.rst b/docs/settings.rst index 693ee3061c..e6b568022f 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -134,7 +134,10 @@ Enable/disable the :doc:`http-api/index`. - String -Static pre-shared authentication key for access to the REST API. +.. versionchanged:: 4.6.0 + This setting now accepts a hashed and salted version. + +Static pre-shared authentication key for access to the REST API. Since 4.6.0 the key can be hashed and salted using ``rec_control hash-password APIKEY`` instead of being stored in the configuration in plaintext. .. _setting-autosecondary: @@ -1825,10 +1828,12 @@ Maximum request/response body size in megabytes. ``webserver-password`` ---------------------- +.. versionchanged:: 4.6.0 + This setting now accepts a hashed and salted version. - String -The plaintext password required for accessing the webserver. +Password required to access the webserver. Since 4.6.0 the password can be hashed and salted using ``pdnsutil hash-password PASS`` instead of being in plaintext. .. _setting-webserver-port: