[Maintain-dev] [JIRA] Work started: (MNT-1424) Password handling issue and legacy_module

Frederic Wenzel (JIRA) jira at osuosl.org
Fri Mar 10 12:37:40 PST 2006

     [ http://bugs.osuosl.org/browse/MNT-1424?page=history ]
Work on MNT-1424 started by Frederic Wenzel

> Password handling issue and legacy_module
> -----------------------------------------
>          Key: MNT-1424
>          URL: http://bugs.osuosl.org/browse/MNT-1424
>      Project: Maintain
>         Type: Improvement
>     Versions: 3.0
>  Environment: Ubuntu
>     Reporter: Zack Bartel
>     Assignee: Frederic Wenzel
>     Priority: Urgent
>      Fix For: 3.0

> Currently passwords are encrypted using the sha1() php function and stored in the db as sha1. The actual encryption occurs in the User::validatePassword() function. This seems to be wrong. I am not sure if there was a good reason to put it there but I would assume somewhere else would be more appropriate. I was thinking User::update() and User::insert() overwriting. Or possibly a MySQL builtin hashing function but then we are again suseptible to MySQL algorithm changes!
> To be continued...

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
If you want more information on JIRA, or have a bug to report see:

More information about the Maintain-dev mailing list