You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Rafael Weingärtner <ra...@gmail.com> on 2018/04/09 17:31:39 UTC

Remove 'md5Hashed' variable from Javascript

Hello fellow CloudStackers,

Today I was working on CLOUDSTACK-5235, which is a security issue, and I
noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
useful at all. This variable was used to control if we hash or not the
password of users in the user side (browser). However, we no longer hash
the password on the user side. All of the password processing is executed
in the server side according to the priority of hashing mechanism defined
by the administrator.

I am addressing this cleanup with this PR
https://github.com/apache/cloudstack/pull/2555.

If you have any objections regarding this variable and its relate code
removal, please do so. Otherwise, we will proceed to remove it.

--
Rafael Weingärtner

Re: Remove 'md5Hashed' variable from Javascript

Posted by Boris Stoyanov <bo...@shapeblue.com>.

+1 


boris.stoyanov@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

> On 13 Apr 2018, at 2:36, Gabriel Beims Bräscher <ga...@gmail.com> wrote:
> 
> +1
> 
> 2018-04-12 20:35 GMT-03:00 Rohit Yadav <ro...@shapeblue.com>:
> 
>> +1
>> 
>> 
>> 
>> - Rohit
>> 
>> <https://cloudstack.apache.org>
>> 
>> 
>> 
>> ________________________________
>> From: Rafael Weingärtner <ra...@gmail.com>
>> Sent: Friday, April 13, 2018 4:04:24 AM
>> To: users; dev
>> Subject: Re: Remove 'md5Hashed' variable from Javascript
>> 
>> Hello folks,
>> I have not heard anything back here. I will still wait a few more days. If
>> I do not see anybody against it, I will assume lazy consensus and proceed
>> removing these variables.
>> 
>> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
>> rafaelweingartner@gmail.com> wrote:
>> 
>>> Hello fellow CloudStackers,
>>> 
>>> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
>>> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
>>> useful at all. This variable was used to control if we hash or not the
>>> password of users in the user side (browser). However, we no longer hash
>>> the password on the user side. All of the password processing is executed
>>> in the server side according to the priority of hashing mechanism defined
>>> by the administrator.
>>> 
>>> I am addressing this cleanup with this PR https://github.com/apache/
>>> cloudstack/pull/2555.
>>> 
>>> If you have any objections regarding this variable and its relate code
>>> removal, please do so. Otherwise, we will proceed to remove it.
>>> 
>>> --
>>> Rafael Weingärtner
>>> 
>> 
>> 
>> 
>> --
>> Rafael Weingärtner
>> 
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com
>> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
>> @shapeblue
>> 
>> 
>> 
>>

Re: Remove 'md5Hashed' variable from Javascript

Posted by Boris Stoyanov <bo...@shapeblue.com>.

+1 


boris.stoyanov@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

> On 13 Apr 2018, at 2:36, Gabriel Beims Bräscher <ga...@gmail.com> wrote:
> 
> +1
> 
> 2018-04-12 20:35 GMT-03:00 Rohit Yadav <ro...@shapeblue.com>:
> 
>> +1
>> 
>> 
>> 
>> - Rohit
>> 
>> <https://cloudstack.apache.org>
>> 
>> 
>> 
>> ________________________________
>> From: Rafael Weingärtner <ra...@gmail.com>
>> Sent: Friday, April 13, 2018 4:04:24 AM
>> To: users; dev
>> Subject: Re: Remove 'md5Hashed' variable from Javascript
>> 
>> Hello folks,
>> I have not heard anything back here. I will still wait a few more days. If
>> I do not see anybody against it, I will assume lazy consensus and proceed
>> removing these variables.
>> 
>> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
>> rafaelweingartner@gmail.com> wrote:
>> 
>>> Hello fellow CloudStackers,
>>> 
>>> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
>>> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
>>> useful at all. This variable was used to control if we hash or not the
>>> password of users in the user side (browser). However, we no longer hash
>>> the password on the user side. All of the password processing is executed
>>> in the server side according to the priority of hashing mechanism defined
>>> by the administrator.
>>> 
>>> I am addressing this cleanup with this PR https://github.com/apache/
>>> cloudstack/pull/2555.
>>> 
>>> If you have any objections regarding this variable and its relate code
>>> removal, please do so. Otherwise, we will proceed to remove it.
>>> 
>>> --
>>> Rafael Weingärtner
>>> 
>> 
>> 
>> 
>> --
>> Rafael Weingärtner
>> 
>> rohit.yadav@shapeblue.com
>> www.shapeblue.com
>> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
>> @shapeblue
>> 
>> 
>> 
>>

Re: Remove 'md5Hashed' variable from Javascript

Posted by Gabriel Beims Bräscher <ga...@gmail.com>.

+1

2018-04-12 20:35 GMT-03:00 Rohit Yadav <ro...@shapeblue.com>:

> +1
>
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: Rafael Weingärtner <ra...@gmail.com>
> Sent: Friday, April 13, 2018 4:04:24 AM
> To: users; dev
> Subject: Re: Remove 'md5Hashed' variable from Javascript
>
> Hello folks,
> I have not heard anything back here. I will still wait a few more days. If
> I do not see anybody against it, I will assume lazy consensus and proceed
> removing these variables.
>
> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
> rafaelweingartner@gmail.com> wrote:
>
> > Hello fellow CloudStackers,
> >
> > Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> > useful at all. This variable was used to control if we hash or not the
> > password of users in the user side (browser). However, we no longer hash
> > the password on the user side. All of the password processing is executed
> > in the server side according to the priority of hashing mechanism defined
> > by the administrator.
> >
> > I am addressing this cleanup with this PR https://github.com/apache/
> > cloudstack/pull/2555.
> >
> > If you have any objections regarding this variable and its relate code
> > removal, please do so. Otherwise, we will proceed to remove it.
> >
> > --
> > Rafael Weingärtner
> >
>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>

Re: Remove 'md5Hashed' variable from Javascript

Posted by Gabriel Beims Bräscher <ga...@gmail.com>.

+1

2018-04-12 20:35 GMT-03:00 Rohit Yadav <ro...@shapeblue.com>:

> +1
>
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: Rafael Weingärtner <ra...@gmail.com>
> Sent: Friday, April 13, 2018 4:04:24 AM
> To: users; dev
> Subject: Re: Remove 'md5Hashed' variable from Javascript
>
> Hello folks,
> I have not heard anything back here. I will still wait a few more days. If
> I do not see anybody against it, I will assume lazy consensus and proceed
> removing these variables.
>
> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
> rafaelweingartner@gmail.com> wrote:
>
> > Hello fellow CloudStackers,
> >
> > Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> > useful at all. This variable was used to control if we hash or not the
> > password of users in the user side (browser). However, we no longer hash
> > the password on the user side. All of the password processing is executed
> > in the server side according to the priority of hashing mechanism defined
> > by the administrator.
> >
> > I am addressing this cleanup with this PR https://github.com/apache/
> > cloudstack/pull/2555.
> >
> > If you have any objections regarding this variable and its relate code
> > removal, please do so. Otherwise, we will proceed to remove it.
> >
> > --
> > Rafael Weingärtner
> >
>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>

Re: Remove 'md5Hashed' variable from Javascript

Posted by Rohit Yadav <ro...@shapeblue.com>.

+1



- Rohit

<https://cloudstack.apache.org>



________________________________
From: Rafael Weingärtner <ra...@gmail.com>
Sent: Friday, April 13, 2018 4:04:24 AM
To: users; dev
Subject: Re: Remove 'md5Hashed' variable from Javascript

Hello folks,
I have not heard anything back here. I will still wait a few more days. If
I do not see anybody against it, I will assume lazy consensus and proceed
removing these variables.

On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR https://github.com/apache/
> cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>



--
Rafael Weingärtner

rohit.yadav@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

Re: Remove 'md5Hashed' variable from Javascript

Posted by Rohit Yadav <ro...@shapeblue.com>.

+1



- Rohit

<https://cloudstack.apache.org>



________________________________
From: Rafael Weingärtner <ra...@gmail.com>
Sent: Friday, April 13, 2018 4:04:24 AM
To: users; dev
Subject: Re: Remove 'md5Hashed' variable from Javascript

Hello folks,
I have not heard anything back here. I will still wait a few more days. If
I do not see anybody against it, I will assume lazy consensus and proceed
removing these variables.

On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR https://github.com/apache/
> cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>



--
Rafael Weingärtner

rohit.yadav@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue

Re: Remove 'md5Hashed' variable from Javascript

Posted by Rafael Weingärtner <ra...@gmail.com>.

Hello folks,
I have not heard anything back here. I will still wait a few more days. If
I do not see anybody against it, I will assume lazy consensus and proceed
removing these variables.

On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR https://github.com/apache/
> cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>



-- 
Rafael Weingärtner

Re: Remove 'md5Hashed' variable from Javascript

Posted by Nitin Maharana <ni...@gmail.com>.

+1

On Mon, Apr 9, 2018 at 11:01 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR
> https://github.com/apache/cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>

Re: Remove 'md5Hashed' variable from Javascript

Posted by Nitin Maharana <ni...@gmail.com>.

+1

On Mon, Apr 9, 2018 at 11:01 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR
> https://github.com/apache/cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>

Re: Remove 'md5Hashed' variable from Javascript

Posted by Rafael Weingärtner <ra...@gmail.com>.

Hello folks,
I have not heard anything back here. I will still wait a few more days. If
I do not see anybody against it, I will assume lazy consensus and proceed
removing these variables.

On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
rafaelweingartner@gmail.com> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR https://github.com/apache/
> cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>



-- 
Rafael Weingärtner