Ticket #176 (closed defect: fixed)

Opened 7 years ago

Last modified 7 years ago

Encrypt stored passwords

Reported by: brad Assigned to: wkornew
Priority: normal Component: DbAuthPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

Right now, the DbAuthPlugin stores user passwords in the trac_users table in clear text. This is not a good practice. Karol Krizka mentioned that he had done the md5 work on this. Maybe he could donate that code?

Attachments

encrypt-and-change-pass.patch (7.2 kB) - added by wkornew on 06/27/06 13:26:25.
encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth? 0.10

Change History

02/04/06 00:12:56 changed by kkrizka

  • status changed from new to assigned.
  • owner changed from brad to kkrizka.

06/27/06 13:26:25 changed by wkornew

  • attachment encrypt-and-change-pass.patch added.

encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth? 0.10

06/27/06 16:52:05 changed by wkornew

  • status changed from assigned to new.
  • release set to 0.10.
  • owner changed from kkrizka to brad.

06/28/06 22:35:32 changed by anonymous

  • status changed from new to assigned.
  • owner changed from brad to anonymous.

06/28/06 22:35:58 changed by wkornew

  • status changed from assigned to new.
  • owner changed from anonymous to wkornew.

06/28/06 22:36:02 changed by wkornew

  • status changed from new to assigned.

06/29/06 00:38:47 changed by wkornew

  • status changed from assigned to closed.
  • resolution set to fixed.

Add/Change #176 (Encrypt stored passwords)




Change Properties
Action