[
https://wso2.org/jira/browse/IDENTITY-213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=24656#action_24656
]
Prabath Siriwardena commented on IDENTITY-213:
----------------------------------------------
Since IS does not permit to add users when you are connecting to a mySQL
backend - i.e - there is no user registration through IS - so we do not capture
passwords or store them or create a cookie with them.
Dimuthu - can you please have a look.
Thanks.
-Prabath
> Dont store passwords cleartext (incl mysq backend)
> -----------------------------------------------------
>
> Key: IDENTITY-213
> URL: https://wso2.org/jira/browse/IDENTITY-213
> Project: WSO2 Identity Solution
> Issue Type: New Feature
> Reporter: Harm Verhagen
> Assignee: Dimuthu Leelarathne
>
> From a security point of view, one typically does not want that the password
> of a user is stored anywhere. (but rather the md5 hashed version of it).
> Currently IS stored the password in cleartext (even 'in' a cookie on a users
> pc).
> When using a mysql backend, the password is in cleartext in the database.
> feature request:
> Support a mysql backend where the password is not stored in clear, but rather
> in md5 hash form.
> This means that nobody exept the user knows the password.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Identity-dev mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/identity-dev
