1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-26 00:32:42 +01:00
No description
Find a file
epriestley dd70c59465 Use OpaqueEnvelopes for all passwords in Phabricator
Summary:
See D2991 / T1526. Two major changes here:

  - PHP just straight-up logs passwords on ldap_bind() failures. Suppress that with "@" and keep them out of DarkConsole by enabling discard mode.
  - Use PhutilOpaqueEnvelope whenever we send a password into a call stack.

Test Plan:
  - Created a new account.
  - Reset password.
  - Changed password.
  - Logged in with valid password.
  - Tried to login with bad password.
  - Changed password via accountadmin.
  - Hit various LDAP errors and made sure nothing appears in the logs.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2993
2012-07-17 12:06:33 -07:00
bin Introduce "bin/repository" for repository management 2012-06-25 12:35:37 -07:00
conf Add "stop on redirect" and "always profile" debugging options 2012-07-17 12:06:25 -07:00
externals Update Javelin 2012-06-08 16:16:41 -07:00
resources Use the unified markup cache for Maniphest 2012-07-11 11:40:10 -07:00
scripts Use OpaqueEnvelopes for all passwords in Phabricator 2012-07-17 12:06:33 -07:00
src Use OpaqueEnvelopes for all passwords in Phabricator 2012-07-17 12:06:33 -07:00
support/aphlict Add an Aphlict CLI client 2012-07-05 16:04:04 -07:00
webroot Add "stop on redirect" and "always profile" debugging options 2012-07-17 12:06:25 -07:00
.arcconfig Add a custom lint name hook to Phabricator 2011-08-31 13:49:30 -07:00
.divinerconfig Centralize rendering of application mail bodies 2012-07-16 19:01:43 -07:00
.gitignore Allow specifying custom celerity resource map 2012-06-04 18:45:03 -07:00
.gitmodules Just change the location. 2011-05-28 15:14:54 -07:00
README Add a roadmap document and update the README. 2011-06-29 09:38:03 -07:00

Phabricator is a open source collection of web applications which make it easier
to write, review, and share source code. Phabricator was developed at Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.
http://www.apache.org/licenses/LICENSE-2.0