Defect #18976: redmine.repositories & redmine.auth_sources passwords are not hashed - Redmine

Actions

Copy link

Defect #18976

closed

redmine.repositories & redmine.auth_sources passwords are not hashed

Added by pAno Nymous about 9 years ago. Updated about 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Security

Target version:

Start date:

Due date:

% Done:

Estimated time:

Resolution:

Invalid

Affected version:

2.5.1

Description

passwords saved in redmine.repositories and redmine.auth_sources are not hashed

Environment details are:
Redmine version 2.5.1.stable
Ruby version 1.9.3-p125 (2012-02-16) [i386-mingw32]
Rails version 3.2.17
Environment production
Database adapter Mysql2

I raised this in the forum and it doesn't seem to be a know issue:
http://www.redmine.org/boards/2/topics/45073

Actions

Copy link

Updated by Jean-Philippe Lang about 9 years ago

Status changed from New to Closed
Resolution set to Invalid

These passwords can't be hashed (Redmine needs to retrieve them in ordre to authenticate against LDAP or repositories). But they can be encrypted, please see database_cipher_key in your configuration.yml:
source:/tags/2.6.1/config/configuration.yml.example#L117

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #18976

redmine.repositories & redmine.auth_sources passwords are not hashed

Updated by Jean-Philippe Lang about 9 years ago