[Maintain-dev] [JIRA] Resolved: (MNT-1424) Password handling issue
and legacy_module
Frederic Wenzel (JIRA)
jira at osuosl.org
Tue Mar 21 13:17:07 PST 2006
[ http://bugs.osuosl.org/browse/MNT-1424?page=history ]
Frederic Wenzel resolved MNT-1424:
----------------------------------
Resolution: Fixed
done and done.
> Password handling issue and legacy_module
> -----------------------------------------
>
> Key: MNT-1424
> URL: http://bugs.osuosl.org/browse/MNT-1424
> Project: Maintain
> Type: Improvement
> Versions: 3.0
> Environment: Ubuntu
> Reporter: Zack Bartel
> Assignee: Frederic Wenzel
> Priority: Urgent
> Fix For: 3.0
>
>
> Currently passwords are encrypted using the sha1() php function and stored in the db as sha1. The actual encryption occurs in the User::validatePassword() function. This seems to be wrong. I am not sure if there was a good reason to put it there but I would assume somewhere else would be more appropriate. I was thinking User::update() and User::insert() overwriting. Or possibly a MySQL builtin hashing function but then we are again suseptible to MySQL algorithm changes!
> To be continued...
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://bugs.osuosl.org/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
More information about the Maintain-dev
mailing list