mirror of https://we.phorge.it/source/phorge.git synced 2024-11-13 10:22:42 +01:00
phorge-phorge/src
epriestley dd70c59465 Use OpaqueEnvelopes for all passwords in Phabricator
Summary:
See D2991 / T1526. Two major changes here:

  - PHP just straight-up logs passwords on ldap_bind() failures. Suppress that with "@" and keep them out of DarkConsole by enabling discard mode.
  - Use PhutilOpaqueEnvelope whenever we send a password into a call stack.

Test Plan:
  - Created a new account.
  - Reset password.
  - Changed password.
  - Logged in with valid password.
  - Tried to log in with bad password.
  - Changed password via accountadmin.
  - Hit various LDAP errors and made sure nothing appears in the logs.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2993
2012-07-17 12:06:33 -07:00
aphront Use OpaqueEnvelopes for all passwords in Phabricator 2012-07-17 12:06:33 -07:00
applications Use OpaqueEnvelopes for all passwords in Phabricator 2012-07-17 12:06:33 -07:00
docs Improve Windows editor documentation with specific examples for popular editors 2012-07-11 17:02:26 -07:00
infrastructure OMG 2012-07-16 10:35:36 -07:00
view Add footer link to report a bug 2012-07-16 09:37:27 -07:00
__celerity_resource_map__.php Add table markup to Phabricator 2012-07-02 14:44:38 -07:00
__phutil_library_init__.php Distinguish between aphront and phabricator. 2011-01-22 17:45:28 -08:00
__phutil_library_map__.php Centralize rendering of application mail bodies 2012-07-16 19:01:43 -07:00