Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-582

Automatic password update when changing the storage type

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Won't Fix
    • Major
    • None
    • None
    • Model
    • None

    Description

      There are different storage types for Password properties, for example clear, hash, encrypt. When changing the storage type for such a property, the property instances (actual passwords) are not changed, automatically, only when changing (or simply re-saving) the password. This might lead to a false sense of security, since the class might say that passwords are encrypted, while in reality most existing passwords are still stored in plain text.

      Ideally, when changing the storage type between two compatible types (for example from clear text to encrypted), all instances should be automatically converted.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-70 Safe password storage

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              softec Denis Gervalle
              sdumitriu Sergiu Dumitriu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: