[Maintain-dev] [JIRA] Created: (MNT-1424) Password handling issue
and legacy_module
Zack Bartel (JIRA)
jira at osuosl.org
Mon Mar 6 16:55:40 PST 2006
Password handling issue and legacy_module
-----------------------------------------
Key: MNT-1424
URL: http://bugs.osuosl.org/browse/MNT-1424
Project: Maintain
Type: Improvement
Versions: 3.0
Environment: Ubuntu
Reporter: Zack Bartel
Assigned to: Frederic Wenzel
Priority: Urgent
Fix For: 3.0
Currently passwords are encrypted using the sha1() php function and stored in the db as sha1. The actual encryption occurs in the User::validatePassword() function. This seems to be wrong. I am not sure if there was a good reason to put it there but I would assume somewhere else would be more appropriate. I was thinking User::update() and User::insert() overwriting. Or possibly a MySQL builtin hashing function but then we are again suseptible to MySQL algorithm changes!
To be continued...
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
More information about the Maintain-dev
mailing list