#4403 - Automatic re-saving of insecure passwords
-
By Chris Graham
- Added
- 1 view
| Identifier | #4403 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Automatic re-saving of insecure passwords |
| Status | Open |
| Tags |
Type: Security (custom) |
| Handling member | Deleted |
| Addon | core |
| Description | If you log in with a password that is not in the standard Composr format, immediately re-save it in the correct format.
Have a config option to enable this behaviour, but default it to on. Scenarios include: 1) Old sites being updated, so that new security is automatically applied 2) People manually editing the DB to put in a new password in plain text Do this for Composr accounts, but also for the master password. For the case of the master password, we need to be a little careful. We can't just rebuild the config file in a naive way because it may contain code - we'd need to do a reg-exp search and replace. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
There have been no comments yet