Buzzinoffbond / phpliteadmin

Automatically exported from code.google.com/p/phpliteadmin
0 stars 0 forks source link

Manage (generate/read) Salt within Authorization class #173

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The salt is currently generated outside the Authorization class. This means we 
have a global assumption (that some salt is generated). We should better put 
salt-management inside the class to decouple it (the rest of phpLiteAdmin 
doesn't use the salt).

(This issue has first been mentioned as a comment in issue #170.)

Original issue reported on code.google.com by crazy4ch...@gmail.com on 9 Feb 2013 at 9:28

GoogleCodeExporter commented 9 years ago
Agreed. We can also remove the SYSTEMPASSWORDENCRYPTED constant and make it a 
[static] property of Authorization.

Original comment by dreadnaut on 10 Feb 2013 at 2:12

GoogleCodeExporter commented 9 years ago
yes, good idea.

Original comment by crazy4ch...@gmail.com on 10 Feb 2013 at 3:52

GoogleCodeExporter commented 9 years ago
Here's a patch against r333. It moves the hash generation in Authorization's 
constructor and replaces SYSTEMPASSWORDENCRYPTED with 
->system_password_encrypted.

Original comment by dreadnaut on 10 Feb 2013 at 7:08

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks. Looks good. Please commit it to svn.

Original comment by crazy4ch...@gmail.com on 15 Feb 2013 at 2:41

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r338.

Original comment by dreadnaut on 15 Feb 2013 at 10:57

GoogleCodeExporter commented 9 years ago
Thanks, committed as r338.

Original comment by dreadnaut on 15 Feb 2013 at 10:58