View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004173 | OXID eShop (all versions) | 4.07. Source code, Test | public | 2012-06-15 15:53 | 2014-10-28 08:55 |
| Reporter | FibreFoX | Assigned To | |||
| Priority | low | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | no change required | ||
| Product Version | 4.6.1 revision 45706 | ||||
| Target Version | 4.8.9 / 5.1.9 | ||||
| Summary | 0004173: Remove password-generation/hashing from database to php | ||||
| Description | In core/oxuser.php are at least three methods that can be made within PHP to reduce access to a database: encodePassword prepareSalt decodeSalt I think everything, that can be made without any database-access, should be made without database-usage, especially in this case where that db-work isn't necessary. | ||||
| Additional Information | quick google-search: http://ditio.net/2008/11/04/php-string-to-hex-and-hex-to-string-functions/ maybe there already exists some other functionality within php | ||||
| Tags | Performance, User Management | ||||
| Theme | Both | ||||
| Browser | All | ||||
| PHP Version | any | ||||
| Database Version | any | ||||
| related to | 0004963 | resolved | saulius.stasiukaitis | Login doesn't work with Mysql 5.5 and iUtfMode=1 |
| related to | 0005636 | resolved | jurate.baseviciene | Use alternative password encryption, md5 is deprecated |
| related to | 0004172 | resolved | jurate.baseviciene | move (obsolete) code from method in oxuser to upgrade/update-script (getPasswordHash) |
