On 04/08/2011 09:49 PM, Thomas Goirand wrote:
> On 04/08/2011 08:14 AM, Ansgar Burchardt wrote:
>> Hi Thomas,
>>
>> I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
>> Please note that this function should *not* be used by applications
> besides MySQL itself[2] in addition to n

Hi,
Thomas Goirand writes:
> On 04/08/2011 08:14 AM, Ansgar Burchardt wrote:
>> I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
>> Please note that this function should *not* be used by applications
>> besides MySQL itself[2] in addition to not salting the hash. The crypt
>>

On 04/08/2011 08:14 AM, Ansgar Burchardt wrote:
> Hi Thomas,
>
> I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
> Please note that this function should *not* be used by applications
> besides MySQL itself[2] in addition to not salting the hash. The crypt
> function included

Hi Thomas,
I noticed you prepared a patch[1] using MySQL's PASSWORD() function.
Please note that this function should *not* be used by applications
besides MySQL itself[2] in addition to not salting the hash. The crypt
function included in PHP itself[3] with salting and a modern hash like
SHA-512

Processing commands for cont...@bugs.debian.org:
> severity 614304 critical
Bug #614304 [dtc-common] dtc-common: does store user passwords unhashed in the
database
Severity set to 'critical' from 'wishlist'
> tags 614304 + security
Bug #614304 [dtc-common] dtc-common: does store user passwords u

Package: dtc-common
Version: 0.29.17-1
Severity: grave
Tags: upstream security

dtc stores user passwords unencrypted in the database:

$q = "INSERT INTO $pro_mysql_new_admin_table
(reqadm_login,
reqadm_pass,
[...]
VALUES('".$_REQUEST["reqadm_login"]."',
'".$_REQUEST["reqadm_pass"]."',

6 matches