[Maintain-dev] [JIRA] Work started: (MNT-1424) Password handling issue and legacy_module

Frederic Wenzel (JIRA) jira at osuosl.org
Fri Mar 10 12:37:40 PST 2006


     [ http://bugs.osuosl.org/browse/MNT-1424?page=history ]
     
Work on MNT-1424 started by Frederic Wenzel

> Password handling issue and legacy_module
> -----------------------------------------
>
>          Key: MNT-1424
>          URL: http://bugs.osuosl.org/browse/MNT-1424
>      Project: Maintain
>         Type: Improvement
>     Versions: 3.0
>  Environment: Ubuntu
>     Reporter: Zack Bartel
>     Assignee: Frederic Wenzel
>     Priority: Urgent
>      Fix For: 3.0

>
>
> Currently passwords are encrypted using the sha1() php function and stored in the db as sha1. The actual encryption occurs in the User::validatePassword() function. This seems to be wrong. I am not sure if there was a good reason to put it there but I would assume somewhere else would be more appropriate. I was thinking User::update() and User::insert() overwriting. Or possibly a MySQL builtin hashing function but then we are again suseptible to MySQL algorithm changes!
> To be continued...

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira



More information about the Maintain-dev mailing list