[ https://jira.duraspace.org/browse/DS-861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mark H. Wood updated DS-861:
----------------------------
    Status: Open  (was: Received)

> Salt PasswordAuthentication
> ---------------------------
>
>                 Key: DS-861
>                 URL: https://jira.duraspace.org/browse/DS-861
>             Project: DSpace
>          Issue Type: Improvement
>          Components: DSpace API
>    Affects Versions: 1.7.0
>            Reporter: Alex Lemann
>
> DSpace does not store and use salted hash passwords for local database based
> authentication (PasswordAuthentication). This constitutes a security risk in
> that given a database dump an attacker can more easily crack passwords using
> a rainbow table. For more information see the wikipedia article on salting
> password hashes:
> http://en.wikipedia.org/wiki/Salt_(cryptography)
> Possible Tasks:
>   Create new configuration parameter for the salt value
>   Automatically generate a securely random hash for new projects
>   Document new configuration option & install information
>   Store salted hashes in passwords in DB
>   Use salt for authentication
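
The store-and-verify flow the ticket asks for, as an added Java example; it is not DSpace code and not part of the original message. It assumes a random salt generated per account and stored beside the hash (rather than the single configured value listed in the tasks), and it swaps in PBKDF2-HMAC-SHA256 as the hash; the class name, method names and parameters are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedPasswordDemo {
    // Assumed parameters for illustration; not taken from DSpace.
    static final int SALT_BYTES = 16, ITERATIONS = 100_000, HASH_BITS = 256;

    // Fresh random salt per account, stored next to the hash in the same row.
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // Salted, iterated hash (PBKDF2-HMAC-SHA256) of the password.
    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipes the spec's internal copy only
        }
    }

    // Login check: recompute with the stored salt, compare in constant time.
    static boolean verify(char[] candidate, byte[] salt, byte[] stored)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(hash(candidate, salt), stored);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] pw = "correct horse".toCharArray(); // constructed sample password
        // Unsalted digest: identical for every account sharing this password,
        // so one precomputed table entry matches all of them.
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        byte[] plain = sha.digest(new String(pw).getBytes(StandardCharsets.UTF_8));
        System.out.println("unsalted: " + Base64.getEncoder().encodeToString(plain));

        // Two accounts, same password, different salts: stored hashes differ.
        byte[] saltA = newSalt(), saltB = newSalt();
        byte[] hashA = hash(pw, saltA), hashB = hash(pw, saltB);
        System.out.println("same password, equal hashes? " + MessageDigest.isEqual(hashA, hashB));
        System.out.println("correct password: " + verify(pw, saltA, hashA));
        System.out.println("wrong password:   " + verify("guess".toCharArray(), saltA, hashA));
    }
}
```

Existing unsalted rows cannot be converted in bulk because the plaintext is not available; they can only be re-hashed with a salt at each user's next successful login or password reset.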