🌍
English
Pages: 1
Hello,
I want my web site to remotely manage users allowed to create albums and photos in piwigo.
So my idea is to use the API method pwg.users.add. This method takes the username and password as parameters. However, I could not find the information if the password is/should/must be encrypted.
Our Website has internal users, and only the bcrypt-ed password is available. Can I pass this encrypted password in pwg.users.add?
Any other suggestion?
Piwigo version: 2.9, (to be) hosted on piwigo.com
Offline
I think you send it in Cleartext. The API do the Rest.
Offline
Hi,
Thanks for the answer.
That's what I was afraid of....
1) this not a safe way of sending pwd
2) my website doesn't store passwords, only the encrypted representation, so there's no way for it to use the real pwd in the method
There should be an alternative way to create a user, giving the expected encryption key, especially for an API, IMO.
BR
Jean-Marc
Offline
I not tested with the API. I use my own Server with SSL. At this time i disable the API for remote access, because i miss a authorization for using. All Services, which use the API, are runnig on the same host.
Offline
Pages: 1