« Previous | Next » 

Revision 78279ca9


Added by Christopher Hlubek over 9 years ago

[BUGFIX] Implement fallback for password hash migration

The new BCrypt default hashing strategy causes problems if a FLOW3
application is migrated from version 1.0 which didn't use strategy
identifiers inside credentials. A new "fallback" configuration
option allows to specify the strategy that was used to generate
these legacy credentials. It defaults to "pbkdf2" and allows for a
seamless migration from 1.0 to 1.1. New passwords will be hashed with
the default strategy ("bcrypt" by default) and get the strategy
identifier prepended.

Change-Id: Ib817adb43552abfcce587bbbe5e1f55fd860a39c
Fixes: #32991
Releases: 1.1

  • added
  • modified
  • copied
  • renamed
  • deleted