OSDir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove 'md5Hashed' variable from Javascript


+1 


boris.stoyanov@xxxxxxxxxxxxx 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

> On 13 Apr 2018, at 2:36, Gabriel Beims Bräscher <gabrascher@xxxxxxxxx> wrote:
> 
> +1
> 
> 2018-04-12 20:35 GMT-03:00 Rohit Yadav <rohit.yadav@xxxxxxxxxxxxx>:
> 
>> +1
>> 
>> 
>> 
>> - Rohit
>> 
>> <https://cloudstack.apache.org>
>> 
>> 
>> 
>> ________________________________
>> From: Rafael Weingärtner <rafaelweingartner@xxxxxxxxx>
>> Sent: Friday, April 13, 2018 4:04:24 AM
>> To: users; dev
>> Subject: Re: Remove 'md5Hashed' variable from Javascript
>> 
>> Hello folks,
>> I have not heard anything back here. I will still wait a few more days. If
>> I do not see anybody against it, I will assume lazy consensus and proceed
>> removing these variables.
>> 
>> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
>> rafaelweingartner@xxxxxxxxx> wrote:
>> 
>>> Hello fellow CloudStackers,
>>> 
>>> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
>>> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
>>> useful at all. This variable was used to control if we hash or not the
>>> password of users in the user side (browser). However, we no longer hash
>>> the password on the user side. All of the password processing is executed
>>> in the server side according to the priority of hashing mechanism defined
>>> by the administrator.
>>> 
>>> I am addressing this cleanup with this PR https://github.com/apache/
>>> cloudstack/pull/2555.
>>> 
>>> If you have any objections regarding this variable and its relate code
>>> removal, please do so. Otherwise, we will proceed to remove it.
>>> 
>>> --
>>> Rafael Weingärtner
>>> 
>> 
>> 
>> 
>> --
>> Rafael Weingärtner
>> 
>> rohit.yadav@xxxxxxxxxxxxx
>> www.shapeblue.com
>> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
>> @shapeblue
>> 
>> 
>> 
>>