Bug #3765

open

Backup configured passwords as encrypted values

Added by Michael Daigle over 15 years ago. Updated over 14 years ago.

Status: New
Priority: Normal
Category: metacat
Target version:
Start date: 01/22/2009
Due date:
% Done: 0%
Estimated time:
Bugzilla-Id: 3765

Description

Currently, the user has to add the passwords for the db, skins and metacat ldap web every time they upgrade. This should use the EncryptionUtil class to save encrypted passwords in the backup files.

Note, the EncryptionUtil class has been implemented with triple-DES encryption, but has not been used or tested yet.

Actions #1

Updated by Shaun Walbridge over 15 years ago

Along these lines of reasoning, security practices dictate never storing the plaintext password at all. Perhaps once you've begun using this class we can switch over to a salted hash model of passwords in Metacat, and then passwords can be embedded the same way in the backup as they are within Metacat.

A salted hash pseudo-code example:

password = 'foo'
salt = random()
hash_string = password + 'ajk890askjl' + salt
encrypted_password = SHA1.hexdigest(hash_string)

Then the 'encrypted_password' and 'salt' values are stored, and can be backed up safely.
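
An added example, not part of the original comment or of Metacat's code, showing the salted-hash model described above in Python with both the store and the verify step. It swaps the single SHA1 pass of the pseudo-code for PBKDF2-HMAC-SHA256; the iteration count, salt length, record format and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example; none of them come from Metacat.
ITERATIONS = 200_000
MAX_ITERATIONS = 10_000_000  # refuse absurd counts read from a tampered record
SALT_BYTES = 16
FIXED_STRING = b"ajk890askjl"  # the fixed string from the pseudo-code above


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 over password + fixed string, with the per-password salt.
    secret = password.encode("utf-8") + FIXED_STRING
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)


def make_record(password: str) -> str:
    """Return the 'iterations$salt$hash' string that is stored and backed up."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = _derive(password, salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        iterations_s, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed or truncated record
    if not 1 <= iterations <= MAX_ITERATIONS or not salt or not expected:
        return False
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


if __name__ == "__main__":
    record = make_record("foo")  # constructed sample password, as in the pseudo-code
    print(record)
    print(verify("foo", record), verify("bar", record))
```

A hash is one-way, so this fits passwords that are only verified at login; a credential that has to be presented to another service, such as a database password, still needs reversible encryption.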

Actions #2

Updated by Redmine Admin about 11 years ago

Original Bugzilla ID was 3765
