[
https://wso2.org/jira/browse/IDENTITY-213?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Prabath Siriwardena updated IDENTITY-213:
-----------------------------------------
Fix Version/s: 2.0
> Dont store passwords cleartext (incl mysq backend)
> -----------------------------------------------------
>
> Key: IDENTITY-213
> URL: https://wso2.org/jira/browse/IDENTITY-213
> Project: WSO2 Identity Solution
> Issue Type: New Feature
> Reporter: Harm Verhagen
> Assignee: Dimuthu Leelarathne
> Fix For: 2.0
>
>
> From a security point of view, one typically does not want that the password
> of a user is stored anywhere. (but rather the md5 hashed version of it).
> Currently IS stored the password in cleartext (even 'in' a cookie on a users
> pc).
> When using a mysql backend, the password is in cleartext in the database.
> feature request:
> Support a mysql backend where the password is not stored in clear, but rather
> in md5 hash form.
> This means that nobody exept the user knows the password.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Identity-dev mailing list
[email protected]
https://wso2.org/cgi-bin/mailman/listinfo/identity-dev
