You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Adam Heath (JIRA)" <ji...@apache.org> on 2014/06/19 20:16:24 UTC
[jira] [Commented] (OFBIZ-1151) Passwords are not salted
[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14037616#comment-14037616 ]
Adam Heath commented on OFBIZ-1151:
-----------------------------------
So, about updating the demo data, to have random salt+hash for each password.
I'm thinking that when a release branch is forked, some as-yet-unwritten tool should be run, to rotate all standard passwords, and give them different values in the xml. This would imply some additional document that describes which entity/field/row has a password, and re-writing each xml file. Does this sound like a good way to do this going forward?
> Passwords are not salted
> ------------------------
>
> Key: OFBIZ-1151
> URL: https://issues.apache.org/jira/browse/OFBIZ-1151
> Project: OFBiz
> Issue Type: Sub-task
> Components: party
> Affects Versions: Release Branch 4.0, SVN trunk
> Reporter: Wickersheimer Jeremy
> Assignee: Adam Heath
> Priority: Minor
>
> Password are currently hashed but not seeded which may be a security issue.
--
This message was sent by Atlassian JIRA
(v6.2#6252)