Re: Remove 'md5Hashed' variable from Javascript
+1 On Mon, Apr 9, 2018 at 11:01 PM, Rafael Weingärtner < rafaelweingart...@gmail.com> wrote: > Hello fellow CloudStackers, > > Today I was working on CLOUDSTACK-5235, which is a security issue, and I > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be > useful at all. This variable was used to control if we hash or not the > password of users in the user side (browser). However, we no longer hash > the password on the user side. All of the password processing is executed > in the server side according to the priority of hashing mechanism defined > by the administrator. > > I am addressing this cleanup with this PR > https://github.com/apache/cloudstack/pull/2555. > > If you have any objections regarding this variable and its relate code > removal, please do so. Otherwise, we will proceed to remove it. > > -- > Rafael Weingärtner >
Re: Remove 'md5Hashed' variable from Javascript
+1 boris.stoya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > On 13 Apr 2018, at 2:36, Gabriel Beims Bräscher <gabrasc...@gmail.com> wrote: > > +1 > > 2018-04-12 20:35 GMT-03:00 Rohit Yadav <rohit.ya...@shapeblue.com>: > >> +1 >> >> >> >> - Rohit >> >> <https://cloudstack.apache.org> >> >> >> >> >> From: Rafael Weingärtner <rafaelweingart...@gmail.com> >> Sent: Friday, April 13, 2018 4:04:24 AM >> To: users; dev >> Subject: Re: Remove 'md5Hashed' variable from Javascript >> >> Hello folks, >> I have not heard anything back here. I will still wait a few more days. If >> I do not see anybody against it, I will assume lazy consensus and proceed >> removing these variables. >> >> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner < >> rafaelweingart...@gmail.com> wrote: >> >>> Hello fellow CloudStackers, >>> >>> Today I was working on CLOUDSTACK-5235, which is a security issue, and I >>> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be >>> useful at all. This variable was used to control if we hash or not the >>> password of users in the user side (browser). However, we no longer hash >>> the password on the user side. All of the password processing is executed >>> in the server side according to the priority of hashing mechanism defined >>> by the administrator. >>> >>> I am addressing this cleanup with this PR https://github.com/apache/ >>> cloudstack/pull/2555. >>> >>> If you have any objections regarding this variable and its relate code >>> removal, please do so. Otherwise, we will proceed to remove it. >>> >>> -- >>> Rafael Weingärtner >>> >> >> >> >> -- >> Rafael Weingärtner >> >> rohit.ya...@shapeblue.com >> www.shapeblue.com >> 53 Chandos Place, Covent Garden, London WC2N 4HSUK >> @shapeblue >> >> >> >>
Re: Remove 'md5Hashed' variable from Javascript
+1 2018-04-12 20:35 GMT-03:00 Rohit Yadav <rohit.ya...@shapeblue.com>: > +1 > > > > - Rohit > > <https://cloudstack.apache.org> > > > > > From: Rafael Weingärtner <rafaelweingart...@gmail.com> > Sent: Friday, April 13, 2018 4:04:24 AM > To: users; dev > Subject: Re: Remove 'md5Hashed' variable from Javascript > > Hello folks, > I have not heard anything back here. I will still wait a few more days. If > I do not see anybody against it, I will assume lazy consensus and proceed > removing these variables. > > On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner < > rafaelweingart...@gmail.com> wrote: > > > Hello fellow CloudStackers, > > > > Today I was working on CLOUDSTACK-5235, which is a security issue, and I > > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be > > useful at all. This variable was used to control if we hash or not the > > password of users in the user side (browser). However, we no longer hash > > the password on the user side. All of the password processing is executed > > in the server side according to the priority of hashing mechanism defined > > by the administrator. > > > > I am addressing this cleanup with this PR https://github.com/apache/ > > cloudstack/pull/2555. > > > > If you have any objections regarding this variable and its relate code > > removal, please do so. Otherwise, we will proceed to remove it. > > > > -- > > Rafael Weingärtner > > > > > > -- > Rafael Weingärtner > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > > >
Re: Remove 'md5Hashed' variable from Javascript
+1 - Rohit <https://cloudstack.apache.org> From: Rafael Weingärtner <rafaelweingart...@gmail.com> Sent: Friday, April 13, 2018 4:04:24 AM To: users; dev Subject: Re: Remove 'md5Hashed' variable from Javascript Hello folks, I have not heard anything back here. I will still wait a few more days. If I do not see anybody against it, I will assume lazy consensus and proceed removing these variables. On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner < rafaelweingart...@gmail.com> wrote: > Hello fellow CloudStackers, > > Today I was working on CLOUDSTACK-5235, which is a security issue, and I > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be > useful at all. This variable was used to control if we hash or not the > password of users in the user side (browser). However, we no longer hash > the password on the user side. All of the password processing is executed > in the server side according to the priority of hashing mechanism defined > by the administrator. > > I am addressing this cleanup with this PR https://github.com/apache/ > cloudstack/pull/2555. > > If you have any objections regarding this variable and its relate code > removal, please do so. Otherwise, we will proceed to remove it. > > -- > Rafael Weingärtner > -- Rafael Weingärtner rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Re: Remove 'md5Hashed' variable from Javascript
Hello folks, I have not heard anything back here. I will still wait a few more days. If I do not see anybody against it, I will assume lazy consensus and proceed removing these variables. On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner < rafaelweingart...@gmail.com> wrote: > Hello fellow CloudStackers, > > Today I was working on CLOUDSTACK-5235, which is a security issue, and I > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be > useful at all. This variable was used to control if we hash or not the > password of users in the user side (browser). However, we no longer hash > the password on the user side. All of the password processing is executed > in the server side according to the priority of hashing mechanism defined > by the administrator. > > I am addressing this cleanup with this PR https://github.com/apache/ > cloudstack/pull/2555. > > If you have any objections regarding this variable and its relate code > removal, please do so. Otherwise, we will proceed to remove it. > > -- > Rafael Weingärtner > -- Rafael Weingärtner
Remove 'md5Hashed' variable from Javascript
Hello fellow CloudStackers, Today I was working on CLOUDSTACK-5235, which is a security issue, and I noticed a variable ‘md5Hashed’ in the javascript that does not seem to be useful at all. This variable was used to control if we hash or not the password of users in the user side (browser). However, we no longer hash the password on the user side. All of the password processing is executed in the server side according to the priority of hashing mechanism defined by the administrator. I am addressing this cleanup with this PR https://github.com/apache/cloudstack/pull/2555. If you have any objections regarding this variable and its relate code removal, please do so. Otherwise, we will proceed to remove it. -- Rafael Weingärtner