From: Andrew B. <a.g...@le...> - 2005-06-22 12:05:28
PassPhrase.encrypt is there because the passwords were originally encrypted. Jon found a bug and used unencrypted passwords while he fixed it. It never got put back.

Aggie

-----Original Message-----
From: bod...@li... [mailto:bod...@li...] On Behalf Of Matthew Buckett
Sent: 22 June 2005 12:42
To: bod...@li...
Subject: Encrypted Bodington Passwords (was Re: [Bodington-developers] Bodington with SP and IdP - SSO and v2.6)

Alistair Young wrote:
> Now we're on the subject I think it's time bod stopped storing passwords
> in plain text.

Attached is a slightly cleaned up version of my patch. The current solution isn't very beautiful, but I think it works. Part of the problem is that password changing is done in several ways and different parts of the codebase do it differently; cleaning that up is a much more complicated and tricky job.

My patch makes encrypted passwords enforced (for new passwords and changes to existing ones) although old unencrypted passwords continue to work for login purposes.

NB: It looked like John had started work on this but never completed it. PassPhrase.encrypt() was already in the codebase.

--
+--Matthew Buckett-----------------------------------------+
| VLE Developer, Learning Technologies Group               |
| Tel: +44 (0) 1865 283660   http://www.oucs.ox.ac.uk/     |
+------------Computing Services, University of Oxford------+