[Jxplorer-devel] [ jxplorer-Bugs-1529411 ] Password management problem with password encryption

Sun, 17 Jun 2012 21:31:40 -0700 

Bugs item #1529411, was opened at 2006-07-26 18:55
Message generated for change (Settings changed) made by pegacat
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=480577&aid=1529411&group_id=55394

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
>Resolution: Out of Date
Priority: 5
Private: No
Submitted By: Trudi Ersvaer (trudiersvaer)
Assigned to: Nobody/Anonymous (nobody)
Summary: Password management problem with password encryption

Initial Comment:
Password management does not work with JXplorer 
password encryption

The DSA does not check minimum length or password 
strength (alpha-numeric) chars if JXplorer is used to 
change the password AND the password encryption 
algorithm (a new pulldown in JXplorer) is set to 
anything other than "plain text".

This is understandable as only the encrypted/hashed 
password is sent to the DSA.  However this does mean 
that using JXplorer users can circumvent the DSA's 
password management settings!!

Maybe this needs documenting/release noting? or maybe 
the selectable password algorithm in JXplorer should 
be a hidden option?

Heh.

He's right; there's no way the DSA can check these 
things if the client encrypts the password.  We could 
easily stick another config option in that directory 
could use to hide the options if that's what they'd 
like... alternatively, we could extend the tool tip to 
prompt users to use the plain version by preference...

    - Chris

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=480577&aid=1529411&group_id=55394

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Jxplorer-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jxplorer-devel

Reply via email to