OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove 'md5Hashed' variable from Javascript


+1

2018-04-12 20:35 GMT-03:00 Rohit Yadav <rohit.yadav@xxxxxxxxxxxxx>:

> +1
>
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: Rafael Weingärtner <rafaelweingartner@xxxxxxxxx>
> Sent: Friday, April 13, 2018 4:04:24 AM
> To: users; dev
> Subject: Re: Remove 'md5Hashed' variable from Javascript
>
> Hello folks,
> I have not heard anything back here. I will still wait a few more days. If
> I do not see anybody against it, I will assume lazy consensus and proceed
> removing these variables.
>
> On Mon, Apr 9, 2018 at 2:31 PM, Rafael Weingärtner <
> rafaelweingartner@xxxxxxxxx> wrote:
>
> > Hello fellow CloudStackers,
> >
> > Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> > noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> > useful at all. This variable was used to control if we hash or not the
> > password of users in the user side (browser). However, we no longer hash
> > the password on the user side. All of the password processing is executed
> > in the server side according to the priority of hashing mechanism defined
> > by the administrator.
> >
> > I am addressing this cleanup with this PR https://github.com/apache/
> > cloudstack/pull/2555.
> >
> > If you have any objections regarding this variable and its relate code
> > removal, please do so. Otherwise, we will proceed to remove it.
> >
> > --
> > Rafael Weingärtner
> >
>
>
>
> --
> Rafael Weingärtner
>
> rohit.yadav@xxxxxxxxxxxxx
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
>
>
>