[ https://issues.apache.org/jira/browse/JAMES-2471?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16546099#comment-16546099 ]

Tellier Benoit commented on JAMES-2471:
---------------------------------------

Note that the algorithm upgrade can also be performed upon login, as the password is 
available, as suggested by Jean Helou on the server-user mailing list.

> Changing a password should use latest configured hashing algorithm
> ------------------------------------------------------------------
>
>                 Key: JAMES-2471
>                 URL: https://issues.apache.org/jira/browse/JAMES-2471
>             Project: James Server
>          Issue Type: Improvement
>          Components: CLI, UsersStore & UsersRepository, webadmin
>    Affects Versions: master
>            Reporter: Tellier Benoit
>            Priority: Major
>              Labels: security
>
> James stores users' passwords hashed in a database.
> The hashing algorithm is being stored on a per-user basis. However, when 
> changing a password, the password is hashed with the algorithm configured at 
> user creation (not the one used during the update).
> We would need, when updating user password, to ensure we are using the 
> currently configured algorithm.
> This has to be working using James WebAdmin and CLI.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
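
The behaviour requested in the issue, together with the login-time upgrade from the comment, as an added sketch that is not James code. The class, its methods and the "SHA-1"/"SHA-512" algorithm names are assumptions, and unsalted digests are used only to keep it short.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
// Hypothetical store, not James's UsersRepository. A real store should use a
// salted, slow password hash; plain digests keep the sketch short.
public class RehashingUserStore {
    record Credential(String algorithm, String hash) {} // algorithm kept per user
    private final Map<String, Credential> users = new HashMap<>();
    private String configuredAlgorithm; // assumed to come from server configuration
    RehashingUserStore(String algorithm) { configuredAlgorithm = algorithm; }
    void reconfigure(String algorithm) { configuredAlgorithm = algorithm; }

    static String hash(String algorithm, String password) {
        try {
            byte[] d = MessageDigest.getInstance(algorithm).digest(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Create and change both hash with the algorithm configured now,
    // never with the one recorded when the user was created.
    void setPassword(String user, String password) {
        users.put(user, new Credential(configuredAlgorithm, hash(configuredAlgorithm, password)));
    }

    // Verify with the stored algorithm; on success the cleartext is at hand,
    // so an outdated record is rewritten with the configured algorithm.
    boolean login(String user, String password) {
        Credential c = users.get(user);
        if (c == null) return false;
        byte[] expected = c.hash().getBytes(StandardCharsets.UTF_8);
        byte[] actual = hash(c.algorithm(), password).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, actual)) return false;
        if (!c.algorithm().equals(configuredAlgorithm)) setPassword(user, password);
        return true;
    }

    public static void main(String[] args) { // constructed sample data
        RehashingUserStore store = new RehashingUserStore("SHA-1");
        store.setPassword("alice", "constructed-secret");
        store.reconfigure("SHA-512");
        System.out.println(store.login("alice", "wrong") + " " + store.users.get("alice").algorithm());
        System.out.println(store.login("alice", "constructed-secret") + " " + store.users.get("alice").algorithm());
    }
}
```

A failed login leaves the stored record untouched; only a successful verification triggers the rewrite.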
