View Issue Details

IDProjectCategoryView StatusLast Update
0004173OXID eShop (all versions)4.07. Source code, Testpublic2014-10-28 08:55
ReporterFibreFoX Assigned To 
PrioritylowSeverityminorReproducibilityalways
Status resolvedResolutionno change required 
Product Version4.6.1 revision 45706 
Target Version4.8.9 / 5.1.9 
Summary0004173: Remove password-generation/hashing from database to php
DescriptionIn core/oxuser.php are at least three methods that can be made within PHP to reduce access to a database:

encodePassword

prepareSalt

decodeSalt

I think everything, that can be made without any database-access, should be made without database-usage, especially in this case where that db-work isn't necessary.
Additional Informationquick google-search:
http://ditio.net/2008/11/04/php-string-to-hex-and-hex-to-string-functions/

maybe there already exists some other functionality within php
TagsPerformance, User Management
ThemeBoth
BrowserAll
PHP Versionany
Database Versionany

Relationships

related to 0004963 resolvedsaulius.stasiukaitis Login doesn't work with Mysql 5.5 and iUtfMode=1 
related to 0005636 resolvedjurate.baseviciene Use alternative password encryption, md5 is deprecated 
related to 0004172 resolvedjurate.baseviciene move (obsolete) code from method in oxuser to upgrade/update-script (getPasswordHash) 

Activities

FibreFoX

2014-10-22 16:11

reporter   ~0010264

as far as i can see, this bug can be (finally) closed, its refactored since 4.9/5.2

jurate.baseviciene

2014-10-28 08:54

reporter   ~0010280

Hi,

Bug is closed because we had refactor stuff since 4.9/5.2. Bug is not exist since version 4.9/5.2 any more