[Vtigercrm-developers] portal password encryption

Alan Bell alan.bell at libertus.co.uk
Mon Apr 25 13:05:17 GMT 2016



On 25/04/16 13:33, Manuel Fernando wrote:
> And note that some very good merge requests were committed, like the password encryption some weeks ago, but they are not finished or not working.
> (the password is sent as MD5 to the customer portal and you can only log in with the hashed password, even if you change the password in the customer portal)
> But my intention here is not to get into too much detail.
So that relates to the discussion here:
http://code.vtiger.com/vtiger/vtigercrm/merge_requests/13

It looks like the current strategy is to use an unsalted MD5 as the 
hashing function, and to apply an MD5 transform to the passwords in the 
migration script - which is irreversible and will trash everything if 
you run the migration script twice for some reason.

It really isn't ideal and I don't understand why it is being done as the 
code to do it the "right" way is sat there in the merge request.

Alan.
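
The double-run failure described in the message above, as an added example that is not part of the original post and is not vtiger code. The sample rows, the function names and the use of PHP's `password_hash()` as a salted, self-describing alternative are assumptions; the message does not say what the merge request implements.

```php
<?php
// Constructed sample rows standing in for a portal credentials table.
$rows = [
    ['user' => 'alice@example.com', 'password' => 'correct horse'],
    ['user' => 'bob@example.com',   'password' => 'hunter2'],
];

// Blind transform: an MD5 digest carries no marker saying "already hashed",
// so a second run hashes the digest again and the original is unrecoverable.
function migrateMd5(array $rows): array {
    foreach ($rows as &$r) {
        $r['password'] = md5($r['password']);
    }
    unset($r);
    return $rows;
}

// Guarded transform: password_hash() output is salted and self-describing,
// so rows that were already migrated can be recognised and skipped.
function migrateGuarded(array $rows): array {
    foreach ($rows as &$r) {
        // 'algo' is empty (null or 0, depending on PHP version) for any
        // value that is not a password_hash() string.
        if (!empty(password_get_info($r['password'])['algo'])) {
            continue;
        }
        $r['password'] = password_hash($r['password'], PASSWORD_DEFAULT);
    }
    unset($r);
    return $rows;
}

// Login check as an MD5-based portal would do it: md5(input) === stored.
$once  = migrateMd5($rows);
$twice = migrateMd5($once);
echo "md5, one run, bob can log in:  ";
var_dump(md5('hunter2') === $once[1]['password']);
echo "md5, two runs, bob can log in: ";
var_dump(md5('hunter2') === $twice[1]['password']);

// The guarded migration leaves already-migrated rows untouched on a re-run.
$g1 = migrateGuarded($rows);
$g2 = migrateGuarded($g1);
echo "guarded, second run is a no-op: ";
var_dump($g1 === $g2);
echo "guarded, two runs, bob can log in: ";
var_dump(password_verify('hunter2', $g2[1]['password']));
```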

