Subetha users password encryption patch #43

@GoogleCodeExporter

PFA the patch that uses a one-way password hash for subethamail users.
The encryption at the moment is SHA 256, which provides us modest
security which is better than plain passwords.

My primary goal was to get rid of plain passwords while not modifying
too many of subethamail files and existing functionality/schema.

To make the patch work on an existing PostgreSQL database, steps similar
to the following need to be taken (via psql or your favourite tool):

1. Enable pgcrypto contrib module by executing
share/postgresql/contrib/pgcrypto.sql (tested on vanilla PostgreSQL
9.0 - it is required to get sha256 hash within PG)
2. UPDATE subetha.person SET passwd=encode(digest(passwd,'sha256'),'hex');

Original issue reported on code.google.com by usman.sa...@gmail.com on 15 Nov 2010 at 10:31

Attachments:
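
The migration in step 2, rehearsed on a scratch table as an added example (not part of the original issue or the attached patch): it guards the UPDATE so a second run does not hash the stored hashes again, then runs the checks worth doing before touching real data. The table `demo_person`, its rows and the `email` column are constructed; only the `passwd` column name and the `encode(digest(...))` expression come from the issue, and pgcrypto is assumed to be installed as in step 1.

```sql
-- Constructed scratch data; rolled back at the end, nothing persists.
BEGIN;

CREATE TEMP TABLE demo_person (
    id     serial PRIMARY KEY,
    email  text NOT NULL,
    passwd text NOT NULL
);

INSERT INTO demo_person (email, passwd) VALUES
    ('a@example.org', 'correct horse'),
    ('b@example.org', 'correct horse'),   -- same password as a@
    ('c@example.org', 'tr0ub4dor');

-- Step 2 with a guard: skip rows that already look like a hex SHA-256
-- digest, so re-running the migration does not hash the hashes.
UPDATE demo_person
   SET passwd = encode(digest(passwd, 'sha256'), 'hex')
 WHERE passwd !~ '^[0-9a-f]{64}$';

-- Second run of the same statement: the guard leaves hashed rows alone.
UPDATE demo_person
   SET passwd = encode(digest(passwd, 'sha256'), 'hex')
 WHERE passwd !~ '^[0-9a-f]{64}$';

-- Check 1: rows that are still not 64 lowercase hex characters.
SELECT count(*) AS not_hashed
  FROM demo_person
 WHERE passwd !~ '^[0-9a-f]{64}$';

-- Check 2: the digest is unsalted, so accounts that share a password
-- share a stored value; this query lists those groups.
SELECT passwd, count(*) AS accounts
  FROM demo_person
 GROUP BY passwd
HAVING count(*) > 1;

-- Check 3: a login comparison after migration must hash the submitted
-- password the same way before comparing it with the stored value.
SELECT id
  FROM demo_person
 WHERE email = 'c@example.org'
   AND passwd = encode(digest('tr0ub4dor', 'sha256'), 'hex');

ROLLBACK;
```

The guard treats any 64-character lowercase hex string as already hashed, so a plaintext password of exactly that shape would be skipped.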
