Updates to readme, fixed darkmode cookie bug

2026-01-21 20:02:35 -05:00 · 2026-01-21 20:02:35 -05:00 · 85257808a3
commit 85257808a3
parent 4f39417852
3 changed files with 17 additions and 3 deletions
--- a/readme.md
+++ b/readme.md
@ -92,4 +92,14 @@ From left to right:
 - QR Code Generator: JS file found [here](https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js)
 - Cookie Popup: JS file found [here](https://cookieconsent.popupsmart.com/src/js/popper.js)

-*See `LICENSE.md` for redistribution and editing details.*
+*See `LICENSE.md` for redistribution and editing details.*
+
+### A quick note on the password feature
+
+The exact process of the password's plaintext scope is as follows
+
+- On the server, you type in the password on the server in the console, the python script takes that plaintext, hashes it, then stores that hash as a variable. The plaintext is also technically a variable, but it's not accessed after that initial hashing. (It's also going to be visible in your console history)
+
+- On the client, you type in the password and press enter. A function reads the value of the password box, saves the hash of that password to a variable, and sends it with all your requests. The plaintext is still stored in the inputbox, but if you delete it and don't press enter on the box again, the hash will be stored without keeping the plaintext. (I may change this behaviour so this box auto-clears when enter is pressed, maybe)
+
+None of this is "secure", but it's better than sending plaintext passwords, which is what I was doing before. Hypothetically somebody who intercepted your packet where you sent the password can't get back the original plaintext, just the hash.