Encrypt stored passwords
Right now, the DbAuthPlugin stores user passwords in the trac_users table in clear text. This is not a good practice. Karol Krizka mentioned that he had done the md5 work on this. Maybe he could donate that code?
Attachments (1)
-
encrypt-and-change-pass.patch (7.2 KB) - added by wkornewald 19 years ago.
-
encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth 0.10
Download all attachments as: .zip
Change History (7)
Owner: |
changed from Brad Anderson to Karol Krizka
|
Status: |
new →
assigned
|
Owner: |
changed from Karol Krizka to Brad Anderson
|
Status: |
assigned →
new
|
Trac Release: |
→ 0.10
|
Owner: |
changed from Brad Anderson to anonymous
|
Status: |
new →
assigned
|
Owner: |
changed from anonymous to wkornewald
|
Status: |
assigned →
new
|
Resolution: |
→ fixed
|
Status: |
assigned →
closed
|
encrypts passwords with SHA-1. also adds a metanav "Password" that allows for changing your password (yeah...not ideal, but we need it now). patch against DbAuth 0.10