Details
- Improvement
- Resolution: Done
- High
- 2015.07, 1.11.0, 2017.08
- None
Description
Currently eZ Publish only uses plain text or MD5 for password hashes. This improvement implements the usage of BCRYPT to improve the security of the stored passwords.
It uses PHP's PASSWORD_DEFAULT as default algorithm, meaning that BCRYPT may be replaced by something else in the future.
NB: This expands the password_hash DB column from 50 to 255 characters, to make room for the bigger hash, and future expansions.
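The upgrade-on-login pattern that a move from MD5 to `PASSWORD_DEFAULT` calls for, as an added example that is not eZ Publish code: the unsalted `md5($password)` legacy format, the `$user` array and the function names are assumptions for illustration. It also shows why the column width matters, since a bcrypt hash is 60 characters long and no longer verifies once cut to 50.

```php
<?php
// Added example, not eZ Publish code. Assumptions: legacy hashes are an
// unsalted md5 of the password, and $user stands in for a database row.

const HASH_COLUMN_WIDTH = 255; // new width of password_hash, per the issue

function isLegacyMd5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

function verifyAndUpgrade(array &$user, string $password): bool
{
    $stored = $user['password_hash'];

    // Legacy digests are compared in constant time; everything else goes
    // through password_verify(), which reads the algorithm from the hash.
    $ok = isLegacyMd5($stored)
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // Rehash while the plain password is available: either the hash is
    // legacy, or PASSWORD_DEFAULT has moved on since it was created.
    if (isLegacyMd5($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        if (strlen($new) > HASH_COLUMN_WIDTH) {
            throw new LengthException('hash does not fit the password_hash column');
        }
        $user['password_hash'] = $new;
    }
    return true;
}

// Constructed sample row holding a legacy MD5 hash.
$user = ['login' => 'demo', 'password_hash' => md5('correct horse')];

var_dump(verifyAndUpgrade($user, 'wrong guess'));   // rejected, hash untouched
var_dump(verifyAndUpgrade($user, 'correct horse')); // accepted, hash upgraded
var_dump(isLegacyMd5($user['password_hash']));      // stored value is no longer MD5
var_dump(strlen($user['password_hash']));           // length of the new hash

// A hash cut to the old 50-character column width no longer verifies.
$truncated = substr($user['password_hash'], 0, 50);
var_dump(password_verify('correct horse', $truncated));
```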
Issue Links
- relates to: EZP-28147 Updated user cannot log in (Closed)