Dont store passwords cleartext (incl mysq backend)
-----------------------------------------------------
Key: IDENTITY-213
URL: https://wso2.org/jira/browse/IDENTITY-213
Project: WSO2 Identity Solution
Issue Type: New Feature
Reporter: Harm Verhagen
>From a security point of view, one typically does not want that the password
>of a user is stored anywhere. (but rather the md5 hashed version of it).
Currently IS stored the password in cleartext (even 'in' a cookie on a users
pc).
When using a mysql backend, the password is in cleartext in the database.
feature request:
Support a mysql backend where the password is not stored in clear, but rather
in md5 hash form.
This means that nobody exept the user knows the password.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Identity-dev mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/identity-dev
