[Maintain-dev] [JIRA] Created: (MNT-1424) Password handling issue and legacy_module

Zack Bartel (JIRA) jira at osuosl.org
Mon Mar 6 16:55:40 PST 2006

Password handling issue and legacy_module

         Key: MNT-1424
         URL: http://bugs.osuosl.org/browse/MNT-1424
     Project: Maintain
        Type: Improvement
    Versions: 3.0    
 Environment: Ubuntu
    Reporter: Zack Bartel
 Assigned to: Frederic Wenzel 
    Priority: Urgent
     Fix For: 3.0

Currently passwords are encrypted using the sha1() php function and stored in the db as sha1. The actual encryption occurs in the User::validatePassword() function. This seems to be wrong. I am not sure if there was a good reason to put it there but I would assume somewhere else would be more appropriate. I was thinking User::update() and User::insert() overwriting. Or possibly a MySQL builtin hashing function but then we are again suseptible to MySQL algorithm changes!

To be continued...

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
If you want more information on JIRA, or have a bug to report see:

More information about the Maintain-dev mailing list