Open-AudIT

What's on your network?

All times are UTC + 10 hours




 Post subject: Password-Handling
PostPosted: Mon Aug 07, 2006 10:53 pm 
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
Hello,

there are some bugs regarding password handling. Here are the fixes:

admin_config.php:
-> Passwords are now saved md5-hashed instead of as cleartext passwords
-> Bug when saving the password to include_config.php.

Code:
  // admin_config.php, lines 60-64
  //$content .= "  'admin' => 'Open-AudIT"; // Delete this line. It's a backdoor, because the user and password are hardcoded and can't be changed
  // Append each configured user with the md5 hash of its password
  if ($username0 == "") {} else { $content .= " \n  '$username0' => '".md5($password0)."'"; }
  if ($username1 == "") {} else { $content .= " ,\n  '$username1' => '".md5($password1)."'"; }
  if ($username2 == "") {} else { $content .= " ,\n  '$username2' => '".md5($password2)."'"; }
  if ($username3 == "") {} else { $content .= " ,\n  '$username3' => '".md5($password3)."'"; }


include.php
-> Passwords are now saved md5-hashed instead of as cleartext passwords

Code:
  // include.php, line 34: compare the stored hash with the md5 of the submitted password
  if ($users[$_SERVER['PHP_AUTH_USER']] != md5($_SERVER['PHP_AUTH_PW']))


 Post subject:
PostPosted: Mon Aug 07, 2006 11:36 pm 
I am moving the users and passwords to the database, so we will no longer be storing them in a text file. I store the passwords using sha1 encryption with a salt, so that the same password won't have the same hash. I think that will work fine, right? :)


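Added example, not part of the thread and not Open-AudIT's code: one way to store and check these credentials with PHP's built-in password_hash() and password_verify(), which generate a per-password salt, while upgrading unsalted md5 entries like those written by the fix in the first post on the next successful login. The helper names make_hash and check_login, the DUMMY_HASH constant and the sample account are assumptions made for the illustration.

```php
<?php
// Added example, not Open-AudIT code. Assumes PHP 7.0 or later.
// $users maps username => stored hash, the shape used in include_config.php.

// Hash of a throwaway value, verified against when the user is unknown so
// that unknown and known usernames take a similar amount of time.
define('DUMMY_HASH', password_hash('dummy-value', PASSWORD_DEFAULT));

// Hypothetical helper: build the value to store for a new password.
function make_hash(string $password): string
{
    // password_hash() picks a random salt and embeds it, together with the
    // algorithm and cost, in the returned string.
    return password_hash($password, PASSWORD_DEFAULT);
}

// Hypothetical helper: check a login and upgrade legacy md5 entries.
// $users is modified in place on upgrade; the caller must persist it.
function check_login(array &$users, string $user, string $password): bool
{
    if (!isset($users[$user])) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    $stored = $users[$user];
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    if ($legacy) {
        // Unsalted md5 entry: compare as strings in constant time.
        // Loose == / != would type-juggle numeric-looking hex strings.
        $ok = hash_equals($stored, md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$user] = make_hash($password);
    }
    return $ok;
}

// Constructed sample data: one account still stored as unsalted md5.
$users = ['alice' => md5('example-passphrase')];
var_dump(check_login($users, 'alice', 'wrong-guess'));
var_dump(check_login($users, 'alice', 'example-passphrase'));
// The entry is now a salted password_hash() string and still verifies.
var_dump(check_login($users, 'alice', 'example-passphrase'));
var_dump($users['alice'] !== md5('example-passphrase'));
```

With HTTP Basic authentication as in include.php, the user and password arguments would come from $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].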
 Post subject:
PostPosted: Tue Aug 08, 2006 12:01 am 
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
O.K. When will the new version be released?


 Post subject:
PostPosted: Tue Aug 08, 2006 12:13 am 
When it's done. :) Hopefully next week. Fixes and changes to code are always up to date on the subversion repository. Mark hasn't been releasing zip files recently, so I wouldn't wait for those.

