[Owncloud] Any application there (apart from Media) using the user's password ?
Antoine Diamant-Berger
thesfreader at gmail.com
Tue Feb 5 20:32:20 UTC 2013
Hi all,
I've noticed yesterday that the user's password was forwarded in plaintext
to apps through the post_login and password_change hooks.
This doesn't seem to me a safe practice, and would like to propose a change
in the 2 Hooks API to "correct" that.
Before working on a technical solution, I'd like to know what other
applications use the password as provided, and their exact needs for it.
So far, the Media application has been identified, which uses an SHA256
hash. Any other ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130205/72f6f6b1/attachment.html>
More information about the Owncloud
mailing list