[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14037616#comment-14037616 ]
Adam Heath commented on OFBIZ-1151: ----------------------------------- So, about updating the demo data, to have random salt+hash for each password. I'm thinking that when a release branch is forked, some as-yet-unwritten tool should be run, to rotate all standard passwords, and give them different values in the xml. This would imply some additional document that describes which entity/field/row has a password, and re-writing each xml file. Does this sound like a good way to do this going forward? > Passwords are not salted > ------------------------ > > Key: OFBIZ-1151 > URL: https://issues.apache.org/jira/browse/OFBIZ-1151 > Project: OFBiz > Issue Type: Sub-task > Components: party > Affects Versions: Release Branch 4.0, SVN trunk > Reporter: Wickersheimer Jeremy > Assignee: Adam Heath > Priority: Minor > > Password are currently hashed but not seeded which may be a security issue. -- This message was sent by Atlassian JIRA (v6.2#6252)