#274 edit_users.php uses always md5

Minor
open
nobody
None
1
2014-01-23
2013-06-06
Anonymous
No

edit_users.php encrypts passwords always using md5 regardless password_format configuration.

Discussion

  • Campbell Morrison

    I don't think this is a bug. The password_format configuration only applies to db_ext auth types (the variable is $auth['db_ext']['password_format']). It is assumed that users in an external database are edited by an external tool.

    Campbell

     
  • John Beranek

    John Beranek - 2014-01-23

    The only thing that could be said additionally to this is that MD5 is now considered by some to be insecure, we should consider moving to SHA1/SHA512.

     


Anonymous

Cancel  Add attachments





Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks