weixin_39941721
weixin_39941721
2020-12-05 10:33

Build Server password in cleartext?

Original issue 469 created by codenameone on 2013-01-06T08:22:02.000Z:

This issue is related to the Build System

What steps will reproduce the problem? 1. Follow the "Forgot Password" link on the Build System login dialog 2. Enter email address 3. You receive an email with your current password in cleartext

What is the expected output? What do you see instead?

I would expect to see a password reset link in my email with a token of some kind.

What version of the product are you using? On what operating system?

N/A

Please provide any additional information below.

Originally raised here: https://groups.google.com/forum/#!topic/codenameone-discussions/gYolDoPBhnw

该提问来源于开源项目:codenameone/CodenameOne

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

4条回答

  • weixin_39941721 weixin_39941721 5月前

    Comment #2 originally posted by codenameone on 2013-01-06T10:49:33.000Z:

    Thanks, this should be resolved now. Was a bit painful but so far easier than expected. All passwords are now MD5 hashed on the server.

    点赞 评论 复制链接分享
  • weixin_39941721 weixin_39941721 5月前

    Comment #3 originally posted by codenameone on 2013-01-06T19:10:17.000Z:

    Thanks Shai

    I really don't want to sound too pedantic but ill suggest it anyway -- would it be possible to use a salted algorithm such as bcrypt? There are a bunch of MD5 rainbow tables already available online and, as unlikely as it is, if someone's key were to become compromised, particularly in the space I work in, it would mean the audit team would descend, public disclosure and post mortems etc

    点赞 评论 复制链接分享
  • weixin_39941721 weixin_39941721 5月前

    Comment #4 originally posted by codenameone on 2013-01-07T06:08:59.000Z:

    We need to pass a security audit pre-1.0 for our corporate customers so I was looking for the fastest way for compliance not being an encryption expert this was just the code I had. I'll take a look at bcrypt.

    点赞 评论 复制链接分享
  • weixin_39941721 weixin_39941721 5月前

    Comment #1 originally posted by codenameone on 2013-01-06T08:51:28.000Z:

    <empty>

    点赞 评论 复制链接分享

相关推荐