View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0018786||phpList 3 application||Authentication System||public||24-07-17 10:15||24-07-17 20:03|
|Target Version||3.3.2||Fixed in Version||3.3.2|
|Summary||0018786: ENCRYPT_ADMIN_PASSWORDS is still used|
|Description||While looking at https://github.com/phpList/phplist3/issues/183|
I was surprised to see that the define ENCRYPT_ADMIN_PASSWORDS is still used.
I thought that admin passwords now are always encrypted (hashed).
A quick grep of the code shows that ENCRYPT_ADMIN_PASSWORDS is used in only 7 places so it looks to be a simple job to remove it entirely.
|Tags||No tags attached.|
I think it was "ENCRYPTPASSWORD" that was removed and replaced. But yes, we should stop allowing using this option. In fact, the documentation already says we do.
I'll check and remove all the instances where it's still used.