dolibarr-bugtrack
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Dolibarr-bugtrack] [bug #18023] Clear passwords in database

From: Thomas Despoix
Subject: [Dolibarr-bugtrack] [bug #18023] Clear passwords in database
Date: Mon, 16 Oct 2006 12:45:48 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7 
URL:
  <http://savannah.nongnu.org/bugs/?18023>

                 Summary: Clear passwords in database
                 Project: Dolibarr
            Submitted by: mytto
            Submitted on: lundi 16.10.2006 à 12:45
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
                 Release: None
        Operating System: GNU/Linux

    _______________________________________________________

Details:

User passwords are stored human readable in the database, which is obviously
an rare issue.

They could at least be md5-encrypted!

Better, try and use an authentication layer like PEAR::Auth, to allow
integration to other authentication method like LDAP, POP, HTTP, CAS SSO,
etc.






    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?18023>

_______________________________________________
  Message posté via/par Savannah
  http://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]