Artifact [b553e1c6ba]

Artifact b553e1c6ba3ee2ac37c91bf582acaefd2d461a87:

Ticket change [b553e1c6ba] - Ticket [e523287834] user passwords are stored in plain text status still Closed with 1 other change by rwilson 2010-01-10 04:57:11.
D 2010-01-10T04:57:11
J comment user\spasswords\sare\sstored\sin\sthe\sfossil\srepository\sas\splain\stext\sinstead\sof\sa\shash.\r\n\r\n<hr><i>drh\sadded\son\s2009-09-12\s15:53:03:</i><br>\r\nThere\sare\stwo\soptions:\r\n\r\n\s\s1.\s\sUser\spasswords\scan\sbe\sstored\scleartext\sin\sthe\slocal\sdatabase\sbut\r\n\s\s\s\s\s\ssent\sover\sthe\swire\s(during\ssync)\sas\sa\shash.\r\n\r\n\s\s2.\s\sUser\spasswords\sare\sstored\shas\sa\shash\sin\sthe\slocal\sdatabase\sbut\sare\r\n\s\s\s\s\s\ssent\sin\sthe\sclear\sover\sthe\swire\sduring\sa\ssync.\r\n\r\nWe\sbelieve\sthat\s(1)\sis\sthe\sbetter\schoice\ssince\sit\srequires\san\sattacker\sto\r\nbe\sable\sto\ssee\sthe\slocal\sdatabase\sin\sorder\sto\sfind\spasswords,\sand\sif\sthe\r\nattacker\scan\ssee\sthe\slocal\sdatabase,\sthen\she\shas\salready\scompromised\sthe\r\nmachine.\s\sBut\swith\s(2),\sthe\sattack\sneed\sonly\spassively\smonitor\snetwork\r\ncommunications\sin\sorder\sto\ssteal\spasswords.\r\n\r\n<hr><i>rwilson\sadded\son\s2009-09-14\s16:40:15:</i><br>\r\nthere\sshould\sbe\ssome\s'best\spractice\sfaq'\sfor\sfossil\sthen,\sbecause\sif\si\sstore\sthe\ssame\susername/password\sin\smy\slocal\srepository\sas\sis\sin\sthe\sremote\srepository,\sthen\scompromising\smy\slocal\salso\scompromises\sthe\sremote.\s\salso,\si\sassumed\sthat\sfossil\swas\sstoring\sa\shash\sof\smy\spassword,\sso\si\schose\sa\spassword\sthat\si\suse\sfrequently\son\sthe\sinternet.\s\sso,\snow\sthat\syou\sknow\swhat\sthat\sis,\splease\sdon't\sdrain\smy\schecking\saccount.\r\n\r\n<hr><i>drh\sadded\son\s2009-09-14\s19:19:08:</i><br>\r\nNew\s"scrub"\scommand\sremove\sprivate\sinformation\sfrom\sa\srepository.\r\nCheck-in\s[6c6a978a537]\r\n\r\n<hr><i>rwilson\sadded\son\s2010-01-10\s04:54:59:</i><br>\r\nfixed\sin\s[cfe33dcf92]\s-\shurray!
K e5232878345cb71d17cc1631b12dd5903b3d272f
U rwilson
Z 46ec04a27e510675089a228b2093fa74