[Maintain-dev] [JIRA] Created: (MNT-1424) Password handling issue
Zack Bartel (JIRA)
jira at osuosl.org
Mon Mar 6 16:55:40 PST 2006
Password handling issue and legacy_module
Reporter: Zack Bartel
Assigned to: Frederic Wenzel
Fix For: 3.0
Currently passwords are encrypted using the sha1() php function and stored in the db as sha1. The actual encryption occurs in the User::validatePassword() function. This seems to be wrong. I am not sure if there was a good reason to put it there but I would assume somewhere else would be more appropriate. I was thinking User::update() and User::insert() overwriting. Or possibly a MySQL builtin hashing function but then we are again suseptible to MySQL algorithm changes!
To be continued...
This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
If you want more information on JIRA, or have a bug to report see:
More information about the Maintain-dev