[JAMES-2471] Changing a password should use latest configured hashing algorithm - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: master
Fix Version/s: None
Component/s: CLI, UsersStore & UsersRepository, webadmin
Labels:
- security

Description

James stores users passwords hashed in a database.

The hashing algorithm is being stored on a per-user basis. However, when changing a password, the password is hashed with the algorithm configured at user creation (not the one used during the update).

We would need, when updating user password, to ensure we are using the currently configured algorithm.

This has to be working using James WebAdmin and CLI

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Benoit Tellier

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Jul/18 05:06

Updated:: 17/Jul/18 06:48