Reviewed: https://reviews.mahara.org/855 Committed: http://gitorious.org/mahara/mahara/commit/5a714bf73796693bf71ffa75fcb89800dc3c0ed3 Submitter: Francois Marier (<email address hidden>) Branch: master
commit 5a714bf73796693bf71ffa75fcb89800dc3c0ed3 Author: Hugh Davenport <email address hidden> Date: Tue Nov 15 12:52:43 2011 +1300
Add a sitewide salt that isn't in the db
This salt is used to add an extra layer of salting that isn't visible from the database. This requires attackers to obtain both the database, and the config.php file to get the true salt value that is passed to crypt.
Bug #843568
See http://docs.moodle.org/20/en/Password_salting
Change-Id: Iaa575a4724e387104f9e436c07b336ef8c7ebef5 Signed-off-by: Hugh Davenport <email address hidden> Signed-off-by: Francois Marier <email address hidden>
Reviewed: https:/ /reviews. mahara. org/855 gitorious. org/mahara/ mahara/ commit/ 5a714bf73796693 bf71ffa75fcb898 00dc3c0ed3
Committed: http://
Submitter: Francois Marier (<email address hidden>)
Branch: master
commit 5a714bf73796693 bf71ffa75fcb898 00dc3c0ed3
Author: Hugh Davenport <email address hidden>
Date: Tue Nov 15 12:52:43 2011 +1300
Add a sitewide salt that isn't in the db
This salt is used to add an extra layer of salting that
isn't visible from the database. This requires attackers
to obtain both the database, and the config.php file to
get the true salt value that is passed to crypt.
Bug #843568
See http:// docs.moodle. org/20/ en/Password_ salting
Change-Id: Iaa575a4724e387 104f9e436c07b33 6ef8c7ebef5
Signed-off-by: Hugh Davenport <email address hidden>
Signed-off-by: Francois Marier <email address hidden>