[MBS-357] Don't store passwords in clear text - MetaBrainz JIRA

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: High
Resolution: Fixed
Affects Version/s: NGS - Beta 1
Fix Version/s: 2013-06-10
Component/s: Web service
Labels:
None

Description

The password column in the editor table should be converted to be a MD5 hash that conforms to the HTTP digest auth specification. We should use this catalyst module for authenticating our Web Service use auth:

http://search.cpan.org/~dhoss/Catalyst-Authentication-Credential-HTTP-1.011/lib/Catalyst/Authentication/Credential/HTTP.pm

since that method will allow us to use simple digest auth for the web service. Aside from the web service, all the user login/password changing functions need to be updated for use with MD5 passwords.

This was bug #157 in trac.

Attachments

Issue Links

has related issue

MBS-9207 Disallow HTTP Digest authentication

Open

is related to

MBH-173 Set up an LDAP server and pave the path for a single site login

Closed

MBS-2411 Login page should be encrypted (SSL/TLS)

Closed

Activity

People

Assignee:

Oliver Charles

Reporter:

Robert Kaye

Votes:

21 Vote for this issue

Watchers:

9 Start watching this issue

Dates

Due:

2012-12-05

Created:

2010-02-02 21:28

Updated:

2017-02-18 08:36

Resolved:

2013-06-07 15:43

Packages

Version	Package
2013-06-10