[
http://mifosforge.jira.com/browse/MIFOS-4656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=64609#action_64609
]
keithwoodlock commented on MIFOS-4656:
--------------------------------------
so requires replacing code that uses passord hashing class. putting in place
spring config to use spring hashing (md5? salting?) and also a database upgrade
script to:
1) update database table to have password column that is not blob (might makes
sense to just reset all accounts and force people on login to change password)
> use stock Spring Security for password hashing
> ----------------------------------------------
>
> Key: MIFOS-4656
> URL: http://mifosforge.jira.com/browse/MIFOS-4656
> Project: mifos
> Issue Type: Task
> Reporter: Adam Monsen
>
> We shouldn't be doing custom password hashing. Instead, we should rely on
> Spring Security's secure/out of the box/tested means of password hashing.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mifosforge.jira.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
