Feature #6394

Add Salt to Authentication

Added by Eric Thomas over 7 years ago. Updated almost 7 years ago.

Status:ClosedStart date:2010-09-14
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Resolution:

Description

The passwords in the redmine database are hashed, but a salt is not added. If a database is compromised, one could run a rainbow attack and could potentially deduce a username's password.


Related issues

Related to Redmine - Feature #7410: Add salt to user passwords Closed 2011-01-22

History

#1 Updated by Jean-Philippe Lang almost 7 years ago

  • Status changed from New to Closed

Feature committed in r4936.

Also available in: Atom PDF