In the docs, the phrase

> Don't worry, the username and password are hashed and are not accessible to the developers or other users

appears.
While obviously it is the genuine intention of the devs that this statement be accurate, you shouldn't be giving users such broad assurances. The reality is that a malicious party with access to a server running an instance of SunshineAPI would be trivially able to harvest user credentials.
I suggest adding some sort of strong cautionary note to this effect, and perhaps offering a clearly-documented alternative way for people to obtain their own session cookie if they don't want to trust a third party with their credentials.