Opened 4 years ago
Closed 4 years ago
#675 closed Enhancement (fixed)
Salt on password change
| Reported by: | SGr33n | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Core | Version: | 1.2 |
| Severity: | minor | Keywords: | |
| Cc: | brettp | Difficulty: |
Description
Hi mates,
In my opinion it may be useful to change the user salt every password change.
It happened that I imported some users and some MD5 passwords without salt.
It works but when users changed their passwords, the salt code was still null.
Thanks,
Change History (4)
comment:1 Changed 4 years ago by marcus
- Priority changed from major to minor
- Type changed from defect to enhancement
comment:2 Changed 4 years ago by marcus
- Resolution set to fixed
- Status changed from new to closed
(In [svn:2562]) Closes #675: Salt changed during password reset
comment:3 Changed 4 years ago by SGr33n
- Resolution fixed deleted
- Status changed from closed to reopened
When I change the password from settings, it is still the same salt :(
comment:4 Changed 4 years ago by marcus
- Resolution set to fixed
- Status changed from reopened to closed
(In [svn:2567]) Closes #675: Posted missing commits from last time.
Note: See
TracTickets for help on using
tickets.
Seems a reasonable precaution, will consider putting this in.