CouchDB settings with seperate user / PW fields

Hello and good day,

I just got aware that the couchdb URL is fully exposed in the config.cson file.

Would it be a good idea to seperate the user and PW fields so the PW can be hashed and encrypted in the settings file?
The encryption potentially could be done with the inkdrop credentials(?)

In the current state another application could potentially read the settings.

All the best, I love what you are doing

Hi Marco,

Thank you for the suggestion.
I guess you are talking about a custom CouchDB?
Yeah, the URL could be read by another app.
So if there were a targeted attack, the credentials can get leaked.
It can be stored in keychain instead.
But I wonder how much it potentially happens because there are very few users using custom CouchDBs.