mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 14:00:56 +01:00
dd70c59465
Summary: See D2991 / T1526. Two major changes here: - PHP just straight-up logs passwords on ldap_bind() failures. Suppress that with "@" and keep them out of DarkConsole by enabling discard mode. - Use PhutilOpaqueEnvelope whenever we send a password into a call stack. Test Plan: - Created a new account. - Reset password. - Changed password. - Logged in with valid password. - Tried to login with bad password. - Changed password via accountadmin. - Hit various LDAP errors and made sure nothing appears in the logs. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D2993 |
||
---|---|---|
.. | ||
aphront | ||
calendar | ||
conduit | ||
daemon | ||
differential | ||
drydock | ||
fpm | ||
install | ||
repository | ||
search | ||
setup | ||
sql | ||
symbols | ||
user | ||
util | ||
__init_script__.php | ||
celerity_mapper.php |