New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

More secure password hashes #8213

Merged
merged 3 commits into from Feb 8, 2018

Conversation

Projects
None yet
3 participants
@murrant
Member

murrant commented Feb 6, 2018

Use PHP 5.5 password_hash(), currently uses bcrypt
increase password field length as per php documentation

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926

More secure password hashes
Use PHP 5.5 password_hash(), currently uses bcrypt
increase password field length as per php documentation

@murrant murrant added the Security label Feb 6, 2018

@murrant murrant added the Schema label Feb 7, 2018

@scrutinizer-notifier

This comment has been minimized.

scrutinizer-notifier commented Feb 7, 2018

The inspection completed: 6 new issues, 1 updated code elements

@laf laf merged commit 1188b53 into librenms:master Feb 8, 2018

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
license/cla Contributor License Agreement is signed.
Details

@murrant murrant deleted the murrant:update-password-hashes branch Feb 9, 2018

inetAnt added a commit to criteo-forks/librenms that referenced this pull request Mar 19, 2018

security: Use more secure password hashes (librenms#8213)
* More secure password hashes
Use PHP 5.5 password_hash(), currently uses bcrypt
increase password field length as per php documentation

* Use password_hash()/password_verify() for cookies too

* forgot to update db_schema.yaml
@lock

This comment has been minimized.

lock bot commented May 16, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed.

@lock lock bot locked as resolved and limited conversation to collaborators May 16, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.