phplist

NOTE:: Before reporting an issue, make sure you are running the latest version, currently 3.3.1


View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0018786phplist applicationAuthentication Systempublic24-07-17 11:1524-07-17 21:03
Reporterduncanc 
PrioritynormalSeverityminorReproducibilitysometimes
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version3.3.1 
Target Version3.3.2Fixed in Version3.3.2 
Summary0018786: ENCRYPT_ADMIN_PASSWORDS is still used
DescriptionWhile looking at https://github.com/phpList/phplist3/issues/183 [^]
I was surprised to see that the define ENCRYPT_ADMIN_PASSWORDS is still used.

I thought that admin passwords now are always encrypted (hashed).

A quick grep of the code shows that ENCRYPT_ADMIN_PASSWORDS is used in only 7 places so it looks to be a simple job to remove it entirely.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0059246)
michiel (manager)
24-07-17 16:33

I think it was "ENCRYPTPASSWORD" that was removed and replaced. But yes, we should stop allowing using this option. In fact, the documentation already says we do.

https://resources.phplist.com/system/config/encrypt_admin_passwords [^]

I'll check and remove all the instances where it's still used.


Copyright © 2000 - 2017 MantisBT Team
Powered by Mantis Bugtracker