User Story #1387 (accepted)
Opened 15 years ago
Last modified 10 years ago
Improve login security — at Version 9
Reported by: | jamoore | Owned by: | |
---|---|---|---|
Priority: | critical | Milestone: | Unscheduled |
Component: | Security | Keywords: | n.a. |
Cc: | cxallan, jrswedlow, jburel, bpindelski, mtbcarroll | Story Points: | n.a. |
Sprint: | n.a. | Importance: | n.a. |
Total Remaining Time: | 0.0d | Estimated Remaining Time: | n.a. |
Description (last modified by jamoore)
Also:
- Review hash/salt functions
- Add method changeUserPasswordWithHash (for 5.0)
- Accept pre-hashed passwords
- Expand hash column to at least 100 characters (or bit vectors up to a min. of 512)
- Add "hashType" column.
- Turn on SSL w/ ADH as a "preferred" transport by default (#838)
- http://arstechnica.com/security/2013/09/long-passwords-are-good-but-too-much-length-can-be-bad-for-security/ (django/4096 limit)
Change History (9)
comment:1 Changed 15 years ago by jmoore
- Milestone changed from OMERO-Beta4.1 to OMERO-Beta4.2
comment:2 Changed 14 years ago by jmoore
- Milestone changed from OMERO-Beta4.2 to Unscheduled
comment:3 Changed 14 years ago by jmoore
- Description modified (diff)
comment:4 Changed 14 years ago by jmoore
- Description modified (diff)
comment:5 Changed 14 years ago by jmoore
- Owner jmoore deleted
comment:6 Changed 12 years ago by agilo
- Status changed from new to accepted
Updated status, related task in progress
comment:7 Changed 11 years ago by jmoore
- Description modified (diff)
comment:8 Changed 11 years ago by jamoore
- Cc jburel bpindelski mtbcarroll added
- Description modified (diff)
Discussing hash requirements with Chris. This may need to have effort on the 4.4.x line.
comment:9 Changed 11 years ago by jamoore
- Description modified (diff)
This along with OmeroSessions rework is important, but doesn't fit into 4.1