Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-24744

Increase password security

    XMLWordPrintable

    Details

      Description

      Currently eZ Publish is only using plain text or MD5 for password hash, this improvement implements the usage of BCRYPT to improve the security of the stored passwords.

      It uses PHP's PASSWORD_DEFAULT as default algorithm, meaning that BCRYPT may be replaced by something else in the future.

      NB: This expands the password_hash DB column from 50 to 255 characters, to make room for the bigger hash, and future expansions.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              pedro.resende-obsolete@ez.no Pedro Resende (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 days, 5 hours, 35 minutes
                  4d 5h 35m