Modify

Opened 9 years ago

Closed 8 years ago

#176 closed defect (fixed)

Encrypt stored passwords

Reported by: brad Owned by: wkornew
Priority: normal Component: DbAuthPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

Right now, the DbAuthPlugin stores user passwords in the trac_users table in clear text. This is not a good practice. Karol Krizka mentioned that he had done the md5 work on this. Maybe he could donate that code?

Attachments (1)

encrypt-and-change-pass.patch (7.2 KB) - added by wkornew 8 years ago.
encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth 0.10

Download all attachments as: .zip

Change History (7)

comment:1 Changed 9 years ago by kkrizka

  • Owner changed from brad to kkrizka
  • Status changed from new to assigned

Changed 8 years ago by wkornew

encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth 0.10

comment:2 Changed 8 years ago by wkornew

  • Owner changed from kkrizka to brad
  • Status changed from assigned to new
  • Trac Release set to 0.10

comment:3 Changed 8 years ago by anonymous

  • Owner changed from brad to anonymous
  • Status changed from new to assigned

comment:4 Changed 8 years ago by wkornew

  • Owner changed from anonymous to wkornew
  • Status changed from assigned to new

comment:5 Changed 8 years ago by wkornew

  • Status changed from new to assigned

comment:6 Changed 8 years ago by wkornew

  • Resolution set to fixed
  • Status changed from assigned to closed

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.