View Issue Details

IDProjectCategoryView StatusLast Update
0018786phplist applicationAuthentication Systempublic24-07-17 20:03
Reporterduncanc 
PrioritynormalSeverityminorReproducibilitysometimes
Status resolvedResolutionfixed 
Product Version3.3.1 
Target Version3.3.2Fixed in Version3.3.2 
Summary0018786: ENCRYPT_ADMIN_PASSWORDS is still used
DescriptionWhile looking at https://github.com/phpList/phplist3/issues/183
I was surprised to see that the define ENCRYPT_ADMIN_PASSWORDS is still used.

I thought that admin passwords now are always encrypted (hashed).

A quick grep of the code shows that ENCRYPT_ADMIN_PASSWORDS is used in only 7 places so it looks to be a simple job to remove it entirely.
TagsNo tags attached.

Activities

michiel

24-07-17 15:33

manager   ~0059246

I think it was "ENCRYPTPASSWORD" that was removed and replaced. But yes, we should stop allowing using this option. In fact, the documentation already says we do.

https://resources.phplist.com/system/config/encrypt_admin_passwords

I'll check and remove all the instances where it's still used.