stadeus
  • Login
Show Navigation
  • Public

    • Groups
    • Recent tags

Conversation

Notices

  1. Blaise Alleyne (balleyne)'s status on Wednesday, 11-Mar-2015 15:26:51 EDT Blaise Alleyne Blaise Alleyne
    I'm going through a db dump of our #OpenERP (now #Odoo) app... passwords are there in PLAIN TEXT! What kind of app doesn't hash passwords?!
    Wednesday, 11-Mar-2015 15:26:51 EDT from web permalink
    • Windigo ☴ (windigo)'s status on Wednesday, 11-Mar-2015 15:35:39 EDT Windigo ☴ Windigo ☴
      in reply to
      @balleyne That's shocking; apparently they feel password hashing is "optional". https://github.com/odoo/odoo/issues/1975
      Wednesday, 11-Mar-2015 15:35:39 EDT permalink
      Blaise Alleyne repeated this.
    • Blaise Alleyne (balleyne)'s status on Wednesday, 11-Mar-2015 15:38:24 EDT Blaise Alleyne Blaise Alleyne
      in reply to
      • Windigo ☴
      @windigo: OMG... it's even MORE shocking that they *know* it's a thing and similar consider it optional, a module's task... o.0 Run away...
      Wednesday, 11-Mar-2015 15:38:24 EDT permalink
    • lnxw48 (Linux Walt) (lnxw48)'s status on Wednesday, 11-Mar-2015 15:58:32 EDT lnxw48 (Linux Walt) lnxw48 (Linux Walt)
      in reply to
      • Windigo ☴
      @balleyne @windigo Is this a really old application? I remember dealing with some sites that were starting to hash ( #md5) in 2002-2004.
      Wednesday, 11-Mar-2015 15:58:32 EDT permalink
    • Sergio Durigan Junior (sergiodj)'s status on Wednesday, 11-Mar-2015 16:37:40 EDT Sergio Durigan Junior Sergio Durigan Junior
      in reply to
      @balleyne Up until last year, Jabberd2 used with a sqlite3 db did not hash the passwords... :-)
      Wednesday, 11-Mar-2015 16:37:40 EDT permalink
    • Blaise Alleyne (balleyne)'s status on Thursday, 12-Mar-2015 01:00:14 EDT Blaise Alleyne Blaise Alleyne
      in reply to
      • lnxw48 (Linux Walt)
      @lnxw48: not really. first release 2005, but v5.0 2009, v6 2011, v7 2013, v8 2014... and it's got a corporate open core thing going on...
      Thursday, 12-Mar-2015 01:00:14 EDT permalink
    • Blaise Alleyne (balleyne)'s status on Thursday, 12-Mar-2015 08:36:19 EDT Blaise Alleyne Blaise Alleyne
      in reply to
      • Sergio Durigan Junior
      @sergiodj: man! But AFAIK, sqlite doesn't have built-in hashing support... still, surprised they'd release Jabberd2 without implementing it
      Thursday, 12-Mar-2015 08:36:19 EDT permalink
    • Sergio Durigan Junior (sergiodj)'s status on Thursday, 12-Mar-2015 13:03:59 EDT Sergio Durigan Junior Sergio Durigan Junior
      in reply to
      @balleyne It's actually not about sqlite, it's about jabberd2 itself. It used sqlite to store…
      Thursday, 12-Mar-2015 13:03:59 EDT permalink

      Attachments

      1. sergiodj-20150312T170421-ga7d9aa.html
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

stadeus is a social network, courtesy of blaise.ca. It runs on GNU social, version 1.2.0-beta4, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All stadeus content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.