You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Adam Heath (JIRA)" <ji...@apache.org> on 2014/06/19 20:16:24 UTC

[jira] [Commented] (OFBIZ-1151) Passwords are not salted

    [ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14037616#comment-14037616 ] 

Adam Heath commented on OFBIZ-1151:
-----------------------------------

So, about updating the demo data, to have random salt+hash for each password.

I'm thinking that when a release branch is forked, some as-yet-unwritten tool should be run, to rotate all standard passwords, and give them different values in the xml.  This would imply some additional document that describes which entity/field/row has a password, and re-writing each xml file.  Does this sound like a good way to do this going forward?

> Passwords are not salted
> ------------------------
>
>                 Key: OFBIZ-1151
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1151
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: party
>    Affects Versions: Release Branch 4.0, SVN trunk
>            Reporter: Wickersheimer Jeremy
>            Assignee: Adam Heath
>            Priority: Minor
>
> Password are currently hashed but not seeded which may be a security issue.



--
This message was sent by Atlassian JIRA
(v6.2#6252)