Re: Remove 'md5Hashed' variable from Javascript
+1 On Mon, Apr 9, 2018 at 11:01 PM, Rafael Weingärtner < rafaelweingart...@gmail.com> wrote: > Hello fellow CloudStackers, > > Today I was working on CLOUDSTACK-5235, which is a security issue, and I > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be > useful at all. This variable was used to control if we hash or not the > password of users in the user side (browser). However, we no longer hash > the password on the user side. All of the password processing is executed > in the server side according to the priority of hashing mechanism defined > by the administrator. > > I am addressing this cleanup with this PR > https://github.com/apache/cloudstack/pull/2555. > > If you have any objections regarding this variable and its relate code > removal, please do so. Otherwise, we will proceed to remove it. > > -- > Rafael Weingärtner >
Re: Remove 'md5Hashed' variable from Javascript
+1 boris.stoya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > On 13 Apr 2018, at 2:36, Gabriel Beims Bräscher <gabrasc...@gmail.com> wrote: > > +1 > > 2018-04-12 20:35 GMT-03:00 Rohit Yadav <rohit.ya...@shapeblue.com>: > >> +1 >> >> >> >> - Rohit >> >> <https://cloudstack.apache.org> >> >> >> >> >> From: Rafael Weingärtner <rafaelweingart...@gmail.com> >> Sent: Friday, April 13, 2018 4:04:24 AM >> To: users; dev >> Subject: Re: Remove 'md5Hashed' variable from Javascript >> >> Hello folks, >> I have not heard anything back here. I will still wait a few more days. If >> I do not see anybody against it, I will assume lazy consensus and proceed >> removing these variables. >> >> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner < >> rafaelweingart...@gmail.com> wrote: >> >>> Hello fellow CloudStackers, >>> >>> Today I was working on CLOUDSTACK-5235, which is a security issue, and I >>> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be >>> useful at all. This variable was used to control if we hash or not the >>> password of users in the user side (browser). However, we no longer hash >>> the password on the user side. All of the password processing is executed >>> in the server side according to the priority of hashing mechanism defined >>> by the administrator. >>> >>> I am addressing this cleanup with this PR https://github.com/apache/ >>> cloudstack/pull/2555. >>> >>> If you have any objections regarding this variable and its relate code >>> removal, please do so. Otherwise, we will proceed to remove it. >>> >>> -- >>> Rafael Weingärtner >>> >> >> >> >> -- >> Rafael Weingärtner >> >> rohit.ya...@shapeblue.com >> www.shapeblue.com >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK >> @shapeblue >> >> >> >>
Re: Remove 'md5Hashed' variable from Javascript
+1 2018-04-12 20:35 GMT-03:00 Rohit Yadav <rohit.ya...@shapeblue.com>: > +1 > > > > - Rohit > > <https://cloudstack.apache.org> > > > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > Sent: Friday, April 13, 2018 4:04:24 AM > To: users; dev > Subject: Re: Remove 'md5Hashed' variable from Javascript > > Hello folks, > I have not heard anything back here. I will still wait a few more days. If > I do not see anybody against it, I will assume lazy consensus and proceed > removing these variables. > > On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner < > rafaelweingart...@gmail.com> wrote: > > > Hello fellow CloudStackers, > > > > Today I was working on CLOUDSTACK-5235, which is a security issue, and I > > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be > > useful at all. This variable was used to control if we hash or not the > > password of users in the user side (browser). However, we no longer hash > > the password on the user side. All of the password processing is executed > > in the server side according to the priority of hashing mechanism defined > > by the administrator. > > > > I am addressing this cleanup with this PR https://github.com/apache/ > > cloudstack/pull/2555. > > > > If you have any objections regarding this variable and its relate code > > removal, please do so. Otherwise, we will proceed to remove it. > > > > -- > > Rafael Weingärtner > > > > > > -- > Rafael Weingärtner > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > > >
Re: Remove 'md5Hashed' variable from Javascript
+1 - Rohit <https://cloudstack.apache.org> From: Rafael Weingärtner <rafaelweingart...@gmail.com> Sent: Friday, April 13, 2018 4:04:24 AM To: users; dev Subject: Re: Remove 'md5Hashed' variable from Javascript Hello folks, I have not heard anything back here. I will still wait a few more days. If I do not see anybody against it, I will assume lazy consensus and proceed removing these variables. On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner < rafaelweingart...@gmail.com> wrote: > Hello fellow CloudStackers, > > Today I was working on CLOUDSTACK-5235, which is a security issue, and I > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be > useful at all. This variable was used to control if we hash or not the > password of users in the user side (browser). However, we no longer hash > the password on the user side. All of the password processing is executed > in the server side according to the priority of hashing mechanism defined > by the administrator. > > I am addressing this cleanup with this PR https://github.com/apache/ > cloudstack/pull/2555. > > If you have any objections regarding this variable and its relate code > removal, please do so. Otherwise, we will proceed to remove it. > > -- > Rafael Weingärtner > -- Rafael Weingärtner rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Re: Remove 'md5Hashed' variable from Javascript
Hello folks, I have not heard anything back here. I will still wait a few more days. If I do not see anybody against it, I will assume lazy consensus and proceed removing these variables. On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner < rafaelweingart...@gmail.com> wrote: > Hello fellow CloudStackers, > > Today I was working on CLOUDSTACK-5235, which is a security issue, and I > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be > useful at all. This variable was used to control if we hash or not the > password of users in the user side (browser). However, we no longer hash > the password on the user side. All of the password processing is executed > in the server side according to the priority of hashing mechanism defined > by the administrator. > > I am addressing this cleanup with this PR https://github.com/apache/ > cloudstack/pull/2555. > > If you have any objections regarding this variable and its relate code > removal, please do so. Otherwise, we will proceed to remove it. > > -- > Rafael Weingärtner > -- Rafael Weingärtner