Proposed solution: add an additional 'encrypted_password' credential column, read by the LoginService and written to by the UserAdmin gadget. Encryption should be one-way with some configurable key, owned by the LoginService.
For backwards compatibility, 2 solutions are possible:

  • If a login is requested for a user with empty 'encrypted_password' credential but filled 'password' credential, the password is encrypted and moved at runtime (so runtime migration from old to new).
  • Upon starting the LoginService, it validates if the Administrator user has a 'password' credential but no 'password_encrypted' credential. If so, it loops over all users (except Administrator) and encrypts and moves the credential. When that succeeds, also the Administrator's credential is migrated.
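A sketch of both migration options, added here as an illustration; it is not code from the Amdatu project or from the issue's author. The class and method names, the dict-based credential store, the per-user salt and the HMAC-then-PBKDF2 construction are all assumptions, since the proposal only asks for one-way encryption with a configurable key.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor, not from the proposal

class LoginService:  # hypothetical stand-in, not the Amdatu class
    def __init__(self, key: bytes):
        self._key = key  # the configurable key, held only by the LoginService

    def _derive(self, password: str, salt: bytes) -> bytes:
        # Keyed one-way transform: HMAC with the service key, then salted PBKDF2.
        keyed = hmac.new(self._key, password.encode(), hashlib.sha256).digest()
        return hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)

    def _migrate(self, creds: dict) -> None:
        # Write the new credential first, then drop the plaintext one.
        salt = os.urandom(16)
        digest = self._derive(creds["password"], salt)
        creds["encrypted_password"] = salt.hex() + "$" + digest.hex()
        del creds["password"]

    def login(self, creds: dict, password: str) -> bool:
        # Option 1: migrate a legacy user at runtime on a successful login.
        if not creds.get("encrypted_password"):
            legacy = creds.get("password")
            if not legacy or not hmac.compare_digest(legacy.encode(), password.encode()):
                return False
            self._migrate(creds)
            return True
        salt_hex, digest_hex = creds["encrypted_password"].split("$")
        candidate = self._derive(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

    def migrate_on_start(self, users: dict) -> int:
        # Option 2: Administrator is the marker and is migrated last, so an
        # interrupted run is detected and resumed on the next start.
        admin = users["Administrator"]
        if "password" not in admin or admin.get("encrypted_password"):
            return 0
        pending = [c for n, c in users.items() if n != "Administrator" and "password" in c]
        for creds in pending:
            self._migrate(creds)
        self._migrate(admin)
        return len(pending) + 1
```

Because the stored value depends on the service key, changing that key invalidates every migrated credential, so the key needs the same backup and rotation planning as the credential store itself.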