Project

General

Profile

Actions

Feature #6394

closed

Add Salt to Authentication

Added by Eric Thomas about 14 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-09-14
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

The passwords in the redmine database are hashed, but a salt is not added. If a database is compromised, one could run a rainbow attack and could potentially deduce a username's password.


Related issues

Related to Redmine - Feature #7410: Add salt to user passwordsClosed2011-01-22

Actions
Actions

Also available in: Atom PDF