Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-357

Don't store passwords in clear text

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: NGS - Beta 1
    • Fix Version/s: 2013-06-10
    • Component/s: Web service
    • Labels:
      None

      Description

      The password column in the editor table should be converted to be a MD5 hash that conforms to the HTTP digest auth specification. We should use this catalyst module for authenticating our Web Service use auth:

      http://search.cpan.org/~dhoss/Catalyst-Authentication-Credential-HTTP-1.011/lib/Catalyst/Authentication/Credential/HTTP.pm

      since that method will allow us to use simple digest auth for the web service. Aside from the web service, all the user login/password changing functions need to be updated for use with MD5 passwords.

      This was bug #157 in trac.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                acid2 Oliver Charles
                Reporter:
                rob Robert Kaye
              • Votes:
                21 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  2013-06-10