You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/03/03 16:36:00 UTC

[jira] [Commented] (SYNCOPE-1666) Security Answer encryption

    [ https://issues.apache.org/jira/browse/SYNCOPE-1666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17500865#comment-17500865 ] 

ASF subversion and git services commented on SYNCOPE-1666:
----------------------------------------------------------

Commit 008459240094e7d021553b484d47aa1569626250 in syncope's branch refs/heads/2_1_X from Andrea Patricelli
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=0084592 ]

[SYNCOPE-1666] added security answer hashing (#319)

[SYNCOPE-1666] added security answer hashing


> Security Answer encryption 
> ---------------------------
>
>                 Key: SYNCOPE-1666
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1666
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 2.1.10
>            Reporter: Andrea Patricelli
>            Assignee: Andrea Patricelli
>            Priority: Major
>             Fix For: 2.1.11, 3.0.0
>
>
> Security answer is stored as cleartext field, but, since contains sesitive information, must be encrypted. We hav to use the same algorithms available for password.
> Provide also an upgrade guide and a migration tool to encrypt passwords on already existing installations.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)