Bug #3765
open
Backup configured passwords as encrypted values
Added by Michael Daigle over 15 years ago.
Updated almost 15 years ago.
Description
Currently, the user has to add the passwords for the db, skins and metacat ldap web every time they upgrade. This should use the EncryptionUtil class to save encrypted passwords in the backup files.
Note, the EncryptionUtil class has been implemented with triple-DES encryption, but has not been used or tested yet.
Along these lines of reasoning, security practices dictate never storing the plaintext password at all. Perhaps once you've begun using this class we can switch over to a salted hash model of passwords in Metacat, and then passwords can be embedded the same way in the backup as they are within Metacat.
A salted hash pseudo-code example:
import hashlib, os
password = 'foo'
salt = os.urandom(16).hex()                       # random per-password salt
hash_string = password + 'ajk890askjl' + salt     # fixed application constant plus the salt
encrypted_password = hashlib.sha1(hash_string.encode()).hexdigest()
Then the 'encrypted_password' and 'salt' values are stored, and can be backed up safely.
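A worked version of the salted-hash idea above, written in Python as an added example (it is neither Metacat code nor the commenter's pseudo-code): it replaces the single SHA-1 pass with PBKDF2-HMAC-SHA256 over a per-entry random salt, adds the verify step a login path needs, and shows the salt and digest travelling together in a properties-style backup line so a restored file can be checked without ever holding the plaintext. The iteration count, the `$`-separated record format and the `database.password` key are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters for this example; Metacat's real settings are not on the page.
ITERATIONS = 200_000          # PBKDF2 work factor
SALT_BYTES = 16               # 128-bit random salt per stored password
SCHEME = "pbkdf2_sha256"

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[str, str]:
    """Return (salt_hex, digest_hex). A fresh random salt is drawn when none is
    given, so two entries holding the same password get different stored values."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt.hex(), digest.hex()

def verify_password(password: str, salt_hex: str, digest_hex: str,
                    iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(candidate, digest_hex)

def to_backup_line(key: str, salt_hex: str, digest_hex: str,
                   iterations: int = ITERATIONS) -> str:
    """Serialise as a key=value line; the '$'-separated record is an assumed format
    that keeps scheme, work factor, salt and digest together for a later upgrade."""
    return f"{key}={SCHEME}${iterations}${salt_hex}${digest_hex}"

def from_backup_line(line: str) -> Tuple[str, int, str, str]:
    """Parse a line written by to_backup_line, rejecting unknown schemes."""
    key, value = line.split("=", 1)
    scheme, iterations, salt_hex, digest_hex = value.split("$")
    if scheme != SCHEME:
        raise ValueError(f"unsupported password scheme {scheme!r}")
    return key, int(iterations), salt_hex, digest_hex

def verify_from_backup(line: str, password: str) -> bool:
    """Check a password against a restored backup line (what an upgrade would do)."""
    _, iterations, salt_hex, digest_hex = from_backup_line(line)
    return verify_password(password, salt_hex, digest_hex, iterations)

if __name__ == "__main__":
    # Constructed sample: a database password being written to a backup file.
    salt_hex, digest_hex = hash_password("foo")
    line = to_backup_line("database.password", salt_hex, digest_hex)
    print(line)
    print(verify_from_backup(line, "foo"), verify_from_backup(line, "bar"))
```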
Original Bugzilla ID was 3765