Build ID: 1.5 RC1

Steps To Reproduce:
Log in as a new user

* password should NOT be sent in email, and it should be encrypted in database
Sign up is configurable in the environment files, see for example production.rb http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.epf/epfwiki/source/config/environments/production.rb?revision=1.6&root=Technology_Project&view=markup

    ENV['EPFWIKI_GENERATE_PASSWORDS'] = '0' # 1 to generate passwords or 0 to allow user to specify the password

So the default is to allow the user to specify the password. The user receives an email with the password (as a reminder) and a confirmation link. The account can only be used after it is confirmed by clicking the link. So this ensures the email and sign up is valid. The password is not stored in the database. A hash value is generated and stored so the password is not known to EPF Wiki. This is working as designed and I think it is not uncommon that passwords are sent via email. Or is it?
Good, that a hash value is stored. However, I think that it is uncommon that passwords are sent via email. At least I don't see any good point for that, because the password has to be typed twice and if the user forgets it before confirming, the account can easily be deleted. I suppose the emails aren't even secure enough for including passwords, but maybe this is a voting issue, and I would vote against sending them :-) (This issue came up when a new user was doing a login test in presentation mode (video screen), and everybody could see the password which was shown in the email...)
Use of email that is not encrypted is inherently unsafe, but I see your point that it would be more secure without the password. I don't think we need a vote on it. This is a small (impact) change, I can implement this as you suggest. I will also remove the ability for generating passwords, I think one way of doing this is enough. And having a user supply and confirm the password is more secure. If the user forgets the password or loses the confirmation link, I think it is necessary for the user to be able to set a new password. This would send another confirmation link to the user. The old password would remain active as long as the confirmation link for the new password was not used. This is to prevent anyone from randomly resetting passwords.
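The lost-password flow proposed above, as an added illustration that is not EPF Wiki's own code: the hash of the requested password is stored as pending alongside a random confirmation token, the old hash keeps authenticating until that token is presented, and a wrong or reused token changes nothing. The class, field names and PBKDF2 parameters are assumptions for the example.

```ruby
require 'openssl'
require 'securerandom'
# Illustrative account record (assumed, not EPF Wiki's own model): the active
# password hash stays valid until the emailed confirmation token is used.
class Account
  ITERATIONS = 50_000 # PBKDF2 work factor; tune for the deployment
  attr_reader :confirmation_token

  def initialize(password)
    @salt, @password_hash = hash_password(password)
    @pending = @confirmation_token = nil
  end

  # Login checks only the active credential, never the pending one.
  def authenticate(password)
    secure_equal?(@password_hash, derive(password, @salt))
  end

  # Lost-password request: hash the new password now, park it as pending,
  # and return the one-time token that goes into the confirmation email.
  def request_password_change(new_password)
    @pending = hash_password(new_password)
    @confirmation_token = SecureRandom.hex(16)
  end

  # Only the holder of the emailed token activates the pending password;
  # a wrong or reused token changes nothing, so strangers cannot reset accounts.
  def confirm(token)
    return false unless @pending && token.is_a?(String) && secure_equal?(@confirmation_token, token)
    @salt, @password_hash = @pending
    @pending = @confirmation_token = nil
    true
  end

  private
  def hash_password(password)
    salt = SecureRandom.hex(8)
    [salt, derive(password, salt)]
  end

  def derive(password, salt)
    digest = OpenSSL::Digest.new('SHA256')
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, digest).unpack1('H*')
  end

  # Constant-time comparison so timing does not reveal how much of a guess matched.
  def secure_equal?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |m, (x, y)| m | (x ^ y) }.zero?
  end
end
```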
Yes, agreed with these suggestions.
Partly fixed as part of 249268: Passwords appear in log file https://bugs.eclipse.org/bugs/show_bug.cgi?id=249268

Still to do is to remove the ability to generate passwords and to change the reset/lost password functionality. This shouldn't generate a new password but should allow the user to set a new password.
Applied some changes so that passwords are no longer sent via email and they don't appear in the log file. Where passwords used to appear, there is now the text [FILTERED]. Also changed the lost password approach. Now you need to supply a new password which will become active after the user clicks the confirmation link sent to his email address.
Created attachment 114070: mylyn/context/zip
If there is a new session object (logon via un/pw, not via cookie), any error reports will also contain a user object with the password.
We can manually filter password, password confirmation with something like below in the view file.

    <h3>Params</h3>
    <hr/>
    <%# mask the value of both password and password_confirmation, line by line -%>
    <% for key, val in @params -%>
      <p><b><%= key %></b></p>
      <p><%= val.to_yaml.to_a.join("</p>\n<p> ").gsub(/(password|password_confirmation):.*/, '\1: ****') %></p>
    <% end if @params -%>
    <h3>Session</h3>
    <hr/>
    <% for key, val in @session -%>
      <p><b><%= key %></b></p>
      <p><%= val.to_yaml.to_a.join("</p>\n<p> ").gsub(/(password|password_confirmation):.*/, '\1: ****') %></p>
    <% end if @session -%>
Implemented the change as described in previous comment
OK