mirror of https://we.phorge.it/source/phorge.git synced 2024-11-08 16:02:40 +01:00
phorge-phorge/scripts/user
epriestley dd70c59465 Use OpaqueEnvelopes for all passwords in Phabricator
Summary:
See D2991 / T1526. Two major changes here:

  - PHP just straight-up logs passwords on ldap_bind() failures. Suppress that with "@" and keep them out of DarkConsole by enabling discard mode.
  - Use PhutilOpaqueEnvelope whenever we send a password into a call stack.

Test Plan:
  - Created a new account.
  - Reset password.
  - Changed password.
  - Logged in with valid password.
  - Tried to log in with bad password.
  - Changed password via accountadmin.
  - Hit various LDAP errors and made sure nothing appears in the logs.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2993
2012-07-17 12:06:33 -07:00
account_admin.php Use OpaqueEnvelopes for all passwords in Phabricator 2012-07-17 12:06:33 -07:00
add_user.php Depend on class autoloading 2012-05-30 16:57:21 -07:00