[Jxplorer-devel] [ jxplorer-Bugs-1529411 ] Password management problem with password encryption

Sun, 30 Jul 2006 04:54:02 -0700 

Bugs item #1529411, was opened at 2006-07-27 11:55
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=480577&aid=1529411&group_id=55394

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Trudi Ersvaer (trudiersvaer)
Assigned to: Nobody/Anonymous (nobody)
Summary: Password management problem with password encryption

Initial Comment:
Password management does not work with JXplorer 
password encryption

The DSA does not check minimum length or password 
strength (alpha-numeric) chars if JXplorer is used to 
change the password AND the password encryption 
algorithm (a new pulldown in JXplorer) is set to 
anything other than "plain text".

This is understandable as only the encrypted/hashed 
password is sent to the DSA.  However this does mean 
that using JXplorer users can circumvent the DSA's 
password management settings!!

Maybe this needs documenting/release noting? or maybe 
the selectable password algorithm in JXplorer should 
be a hidden option?

Heh.

He's right; there's no way the DSA can check these 
things if the client encrypts the password.  We could 
easily stick another config option in that directory 
could use to hide the options if that's what they'd 
like... alternatively, we could extend the tool tip to 
prompt users to use the plain version by preference...

    - Chris

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=480577&aid=1529411&group_id=55394

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Jxplorer-devel mailing list
Jxplorer-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jxplorer-devel

Reply via email to