Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-1481

[backport-3.2] Set default password encryption to SHA-256

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 3.2.3
    • None
    • Flagged
    • Turing sprint 130

    Description

      Within [the documentation](http://www.onehippo.org/library/concepts/security/users.html) we describe the password encryption process in the CMS, however by default the CMS is using SHA-1 to encrypt new passwords while existing passwords can be unencrypted using any of the supported listed methods.
      It is agreed with PM Stakeholders, that we should change this to SHA-256 for 10.2 and 11 of the CMS so that new passwords will use the later method.
      Should any other customers request this also, then we would be willing to backport this change to any supported (non-EOL) CMS version.
      Jouke Jacobi do you have anything to add to this issue related to the requirements from Client?
      Hippo Client Service Team are you able to pick this up in one of the next couple of upcoming sprints?

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              abanck Arent-Jan Banck (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: