If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Registration hashes passwords with exec() and hardcoded slappasswd path

RESOLVED FIXED

Status

Cloud Services
Server: Sync
RESOLVED FIXED
8 years ago
8 years ago

People

(Reporter: lorchard, Assigned: lorchard)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

8 years ago
In setting up the weave-registration stack on my laptop, I noticed that the mozilla auth driver is shelling out to run slapppasswd to generate {SSHA} passwords.  

I have a hunch that this might not scale well - and the path to slappasswd is hardcoded, which made it hard to run on my laptop.

This can be done full within PHP.
(Assignee)

Updated

8 years ago
Assignee: telliott → lorchard
(Assignee)

Comment 1

8 years ago
Created attachment 437616 [details] [diff] [review]
patch to generate {ssha} hashed passwords in PHP
Attachment #437616 - Flags: review?
(Assignee)

Updated

8 years ago
Attachment #437616 - Flags: review? → review?(telliott)
Attachment #437616 - Flags: review?(telliott) → review+
Comment on attachment 437616 [details] [diff] [review]
patch to generate {ssha} hashed passwords in PHP

Looks good, even the vim comment :)
(Assignee)

Updated

8 years ago
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(Assignee)

Comment 3

8 years ago
https://hg.mozilla.org/labs/weaveserver-registration/rev/544cfa94c8e1
You need to log in before you can comment on or make changes to this bug.