translate5 / TRANSLATE-3051

Add SALT to MD5 user password (4.4)


Details

    • Critical
    • Ensure that a DB backup is done. All user passwords will additionally be encrypted with a random secret (pepper) that is created and stored in the installation.ini.
    • The user passwords are now stored in a more secure way.

    Description

      The user passwords are now stored in a more secure way.

      In addition, the password hash mechanism is changed from less secure MD5 hashes to more secure cryptographic methods, including a salt.

      Additionally a random secret is created and stored in the installation.ini.

      The secret is not stored in the config in the DB, so in case of an SQL injection the passwords are still encrypted with that secret, which is kept on disk.

      All user passwords are additionally encrypted with that secret, so if that secret is lost or changed, all users have to change their passwords!
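
      The scheme described above (per-user salt, plus a pepper kept outside the database, applied to existing MD5 hashes) as an added example; it is not translate5's own code. The issue does not name the algorithm, so HMAC-SHA256 followed by scrypt, the `scheme$salt$hash` record format and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

def _kdf(material: bytes, salt: bytes, pepper: bytes) -> bytes:
    # Key the input with the pepper first, then run a salted, memory-hard KDF.
    keyed = hmac.new(pepper, material, hashlib.sha256).digest()
    return hashlib.scrypt(keyed, salt=salt, n=2**14, r=8, p=1, dklen=32)

def _record(scheme: str, material: bytes, pepper: bytes) -> str:
    salt = secrets.token_bytes(16)  # random per-user salt, stored beside the hash
    return f"{scheme}${salt.hex()}${_kdf(material, salt, pepper).hex()}"

def hash_password(password: str, pepper: bytes) -> str:
    """Hash a newly set password."""
    return _record("scrypt", password.encode("utf-8"), pepper)

def migrate_md5(md5_hex: str, pepper: bytes) -> str:
    """Bulk migration: the plaintext is unknown, so wrap the stored MD5 digest."""
    return _record("md5+scrypt", md5_hex.lower().encode("ascii"), pepper)

def verify(password: str, stored: str, pepper: bytes) -> bool:
    try:
        scheme, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record
    if scheme == "scrypt":
        material = password.encode("utf-8")
    elif scheme == "md5+scrypt":
        # Rebuild the legacy digest that was wrapped during migration.
        material = hashlib.md5(password.encode("utf-8")).hexdigest().encode("ascii")
    else:
        return False
    return hmac.compare_digest(_kdf(material, salt, pepper), expected)

if __name__ == "__main__":
    # Constructed sample data; a real pepper would be read from a file on disk.
    pepper = secrets.token_bytes(32)
    legacy = hashlib.md5(b"correct horse").hexdigest()  # row as stored before
    row = migrate_md5(legacy, pepper)
    print("after migration:", verify("correct horse", row, pepper))
    print("pepper replaced:", verify("correct horse", row, secrets.token_bytes(32)))
```

      A database dump alone yields only salted hashes keyed with a value the attacker does not have, and the last line shows why replacing the pepper invalidates every stored password.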


            People

              tlauria Thomas Lauria
              marcmittag Marc Mittag [Administrator]