Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password Field values are saved as plaintext by default? #1277

Closed
rclai opened this issue Apr 16, 2013 · 6 comments
Closed

Password Field values are saved as plaintext by default? #1277

rclai opened this issue Apr 16, 2013 · 6 comments
Labels
Status: Help Wanted We have not prioritized this yet, but you can help make it happen to speed it up Type: Enhancement Enhancements to features that already exist, but are not major additions
Milestone
Backlog Archive

Comments

@rclai
Copy link

rclai commented Apr 16, 2013

Shouldn't they be hashed at least?

Perhaps have an option in the field definition to choose what kind of encryption to use?
@sc0ttkclark
Copy link
Member

The only difference between password fields and normal text fields is the use of the password input field itself.

In the future, we can add options for encryption/hashing of the value during save.

@rclai
Copy link
Author

rclai commented Apr 16, 2013

Cool.

@orchid-hybrid
Copy link

Hello,

I've written up an initial commit for password hashing: #2229

This adds two options to password fields: whether or not you'd like to hash them, and what salt to use. It stores them as 32 byte (256 bit) values using pbkdf2 sha1.

I hope this is useful to you as I think password hashing is very important! Looking forward to review.

@sc0ttkclark sc0ttkclark modified the milestones: Pods 3.0, Pods Future Release Jun 10, 2014
@sc0ttkclark
Copy link
Member

Replied on #2229, looks great!

@pglewis pglewis modified the milestones: Pods Future Release, Pods 3.0 Oct 27, 2014
@pglewis
Copy link
Contributor

pglewis commented Oct 27, 2014

Going to bump this back to Future Release, for now. Loop fields or bust for 3.0.

@sc0ttkclark sc0ttkclark removed the Keyword: Has Bounty Donor has reached out to us and funded this specifically label Jun 1, 2015
@sc0ttkclark sc0ttkclark added the Status: Help Wanted We have not prioritized this yet, but you can help make it happen to speed it up label Dec 29, 2015
@lougreenwood
Copy link

lougreenwood commented Dec 3, 2016
edited
Loading

Any news on this? I just noticed that password fields are stored as plain text.

Also, one thing I'd like to suggest is that when this is released, all existing passwords fields are automatically changed to be saved as hash, so there's no need to manually update existing posts that were previously saved as plaintext...

@sc0ttkclark sc0ttkclark modified the milestones: Backlog, Backlog Archive Sep 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Help Wanted We have not prioritized this yet, but you can help make it happen to speed it up Type: Enhancement Enhancements to features that already exist, but are not major additions
Projects
None yet
Milestone
Backlog Archive
Development

No branches or pull requests
5 participants
@sc0ttkclark @rclai @pglewis @orchid-hybrid @lougreenwood