#274 edit_users.php uses always md5

Minor
open
nobody
None
1
2014-01-23
2013-06-06
Anonymous
No

edit_users.php encrypts passwords always using md5 regardless password_format configuration.

Discussion

  • I don't think this is a bug. The password_format configuration only applies to db_ext auth types (the variable is $auth['db_ext']['password_format']). It is assumed that users in an external database are edited by an external tool.

    Campbell

     
  • John Beranek
    John Beranek
    2014-01-23

    The only thing that could be said additionally to this is that MD5 is now considered by some to be insecure, we should consider moving to SHA1/SHA512.

     


Anonymous


Cancel   Add attachments