Ticket #176 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Encrypt stored passwords

Reported by: brad Assigned to: wkornew
Priority: normal Component: DbAuthPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

Right now, the DbAuthPlugin stores user passwords in the trac_users table in clear text. This is not a good practice. Karol Krizka mentioned that he had done the md5 work on this. Maybe he could donate that code?

Attachments

encrypt-and-change-pass.patch (7.2 kB) - added by wkornew on 06/27/06 06:26:25.
encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth? 0.10

Change History

02/03/06 17:12:56 changed by kkrizka

  • owner changed from brad to kkrizka.
  • status changed from new to assigned.

06/27/06 06:26:25 changed by wkornew

  • attachment encrypt-and-change-pass.patch added.

encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth? 0.10

06/27/06 09:52:05 changed by wkornew

  • owner changed from kkrizka to brad.
  • release set to 0.10.
  • status changed from assigned to new.

06/28/06 15:35:32 changed by anonymous

  • owner changed from brad to anonymous.
  • status changed from new to assigned.

06/28/06 15:35:58 changed by wkornew

  • owner changed from anonymous to wkornew.
  • status changed from assigned to new.

06/28/06 15:36:02 changed by wkornew

  • status changed from new to assigned.

06/28/06 17:38:47 changed by wkornew

  • status changed from assigned to closed.
  • resolution set to fixed.

Add/Change #176 (Encrypt stored passwords)




Change Properties
Action