Opened 13 years ago
Last modified 13 years ago
#1641 closed enhancement
Use bcrypt for storing passwords instead of MD5 — at Initial Version
| Reported by: | Nicklas Nordborg | Owned by: | everyone |
|---|---|---|---|
| Priority: | critical | Milestone: | BASE 3.0 |
| Component: | core | Version: | |
| Keywords: | Cc: |
Description
This ticket replaces #1640.
We'll need to remove the 'Encrypt password' feature of the web client. We recommend that HTTPS is used if protection is needed.
To be able to upgrade an existing server we should store bcrypt(MD5(password)). Since we already have the MD5(password) stored the upgrade is simple.
Note:
See TracTickets
for help on using tickets.
