Hi Jeff, I think any improvement to "security" is a good idea. I have voted for FC-51. I cannot vote for FC-50 as it seems to closed like you said.
Thanks Tunc On 11 May 2010, at 05:05, Jeff Coughlin wrote: > I've already requested this in the bug tracker. Feel free to vote for it. > It's been sitting there for five years though, so I wouldn't hold your breath > :) > > http://bugs.farcrycms.org/browse/FC-51 > > Deamon did however add a password hash, but I think they just used a standard > md5 hash (which takes a whole .5 seconds to crack with a rainbow password DB > - google around for any web-based one). The correct way to do it is with a > random salt value (As I described in the feature request 5 years ago). > Although the bug/feature request was closed and labeled "fixed", I'm sure > someone could reopen it and request that it be fixed with a more solid > solution. > > http://bugs.farcrycms.org/browse/FC-50 > > -- > Jeff Coughlin > Web Application Developer > http://jeffcoughlin.com > > On May 10, 2010, at 11:25 AM, Phil Kemp wrote: > >> >> Hi guys, >> >> I've been trying to work out how to make a user's password act a bit more >> securely. I can't seem to work out where, if anywhere, I can add code that >> will check, for example, the length, whether there are lower case letters, >> numbers, etc. Has anyone else tried this before as I think it's an important >> part of FarCry that is so far missing... unless it's been added to version 6 >> (I'm running 5-2-2) >> >> Cheers, >> Phil >> -- >> View this message in context: >> http://old.nabble.com/User-Passwords-tp28512279s621p28512279.html >> Sent from the FarCry - Dev mailing list archive at Nabble.com. >> >> -- >> You received this message cos you are subscribed to "farcry-dev" Google >> group. >> To post, email: [email protected] >> To unsubscribe, email: [email protected] >> For more options: http://groups.google.com/group/farcry-dev >> -------------------------------- >> Follow us on Twitter: http://twitter.com/farcry > > -- > You received this message cos you are subscribed to "farcry-dev" Google group. > To post, email: [email protected] > To unsubscribe, email: [email protected] > For more options: http://groups.google.com/group/farcry-dev > -------------------------------- > Follow us on Twitter: http://twitter.com/farcry -- You received this message cos you are subscribed to "farcry-dev" Google group. To post, email: [email protected] To unsubscribe, email: [email protected] For more options: http://groups.google.com/group/farcry-dev -------------------------------- Follow us on Twitter: http://twitter.com/farcry
