Feature #6394
Add Salt to Authentication
| Status: | Closed | Start date: | 2010-09-14 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | - | |||
| Resolution: |
Description
The passwords in the redmine database are hashed, but a salt is not added. If a database is compromised, one could run a rainbow attack and could potentially deduce a username's password.
Related issues
History
#1
Updated by Jean-Philippe Lang almost 10 years ago
- Status changed from New to Closed
Feature committed in r4936.