Salt PasswordAuthentication
---------------------------
Key: DS-861
URL: https://jira.duraspace.org/browse/DS-861
Project: DSpace
Issue Type: Improvement
Components: DSpace API
Affects Versions: 1.7.0
Reporter: Alex Lemann
DSpace does not store and use salted hash passwords for local database based
authentication (PasswordAuthentication). This constitutes a security risk in
that given a database dump an attacker can more easily crack passwords using a
rainbow table. For more information see the wikipedia article on salting
password hashes:
http://en.wikipedia.org/wiki/Salt_(cryptography)
Possible Tasks:
Create new configuration parameter for the salt value
Automatically generate a securely random hash for new projects
Document new configuration option & install information
Store salted hashes in passwords in DB
Use salt for authentication
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
