Conversation
Blaise Alleyne (balleyne)'s status on Wednesday, 11-Mar-2015 15:26:51 EDT
I'm going through a db dump of our #OpenERP (now #Odoo) app... passwords are there in PLAIN TEXT! What kind of app doesn't hash passwords?!
Windigo ☴ (windigo)'s status on Wednesday, 11-Mar-2015 15:35:39 EDT
@balleyne That's shocking; apparently they feel password hashing is "optional". https://github.com/odoo/odoo/issues/1975
Blaise Alleyne (balleyne)'s status on Wednesday, 11-Mar-2015 15:38:24 EDT
@windigo: OMG... it's even MORE shocking that they *know* it's a thing and similar consider it optional, a module's task... o.0 Run away...
lnxw48 (Linux Walt) (lnxw48)'s status on Wednesday, 11-Mar-2015 15:58:32 EDT
@balleyne @windigo Is this a really old application? I remember dealing with some sites that were starting to hash ( #md5) in 2002-2004.
Sergio Durigan Junior (sergiodj)'s status on Wednesday, 11-Mar-2015 16:37:40 EDT
@balleyne Up until last year, Jabberd2 used with a sqlite3 db did not hash the passwords... :-)
Blaise Alleyne (balleyne)'s status on Thursday, 12-Mar-2015 01:00:14 EDT
@lnxw48: not really. first release 2005, but v5.0 2009, v6 2011, v7 2013, v8 2014... and it's got a corporate open core thing going on...
Blaise Alleyne (balleyne)'s status on Thursday, 12-Mar-2015 08:36:19 EDT
@sergiodj: man! But AFAIK, sqlite doesn't have built-in hashing support... still, surprised they'd release Jabberd2 without implementing it
Sergio Durigan Junior (sergiodj)'s status on Thursday, 12-Mar-2015 13:03:59 EDT
@balleyne It's actually not about sqlite, it's about jabberd2 itself. It used sqlite to store…