Modify

Opened 19 years ago

Closed 18 years ago

#176 closed defect (fixed)

Encrypt stored passwords

Reported by: Brad Anderson Owned by: wkornewald
Priority: normal Component: DbAuthPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

Right now, the DbAuthPlugin stores user passwords in the trac_users table in clear text. This is not a good practice. Karol Krizka mentioned that he had done the md5 work on this. Maybe he could donate that code?

Attachments (1)

encrypt-and-change-pass.patch (7.2 KB) - added by wkornewald 18 years ago.
encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth 0.10

Download all attachments as: .zip

Change History (7)

comment:1 Changed 19 years ago by Karol Krizka

Owner: changed from Brad Anderson to Karol Krizka
Status: newassigned

Changed 18 years ago by wkornewald

Attachment: encrypt-and-change-pass.patch added

encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth 0.10

comment:2 Changed 18 years ago by wkornewald

Owner: changed from Karol Krizka to Brad Anderson
Status: assignednew
Trac Release: 0.10

comment:3 Changed 18 years ago by anonymous

Owner: changed from Brad Anderson to anonymous
Status: newassigned

comment:4 Changed 18 years ago by wkornewald

Owner: changed from anonymous to wkornewald
Status: assignednew

comment:5 Changed 18 years ago by wkornewald

Status: newassigned

comment:6 Changed 18 years ago by wkornewald

Resolution: fixed
Status: assignedclosed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain wkornewald.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment

E-mail address and name can be saved in the Preferences.

AttachmentsDescription
 
Note: See TracTickets for help on using tickets.