Comments (6)
With this change all the existing passwords would become obsolete. So maybe a better approach would be incorporating validation for ASCII chars for password input. What do you think?
from bonobo-git-server.
Of course I have an idea.
In the User table, add a field for the password version:
- version 0 means the old password algorithm
- version 1 means the new password algorithm
- and so on if another algorithm comes along
We can switch to the appropriate algorithm to identify. If the password is not the latest version when identifying the password, we can update it to the latest version.
And we can deny an obsolete password only if the user updates his password.
PS: the worst is System.Text.Encoding.ASCII.GetString(data); in your code.
from bonobo-git-server.
Basically, MD5 is not a very good way of encrypting passwords anymore. I would go with a different version of an algorithm. I would also prefer not doing database changes.
from bonobo-git-server.
You can choose any hash algorithm you want: md5, sha1, sha256, ...
The best way to compute a hash value is to insert a salt into the password, e.g. hash(salt + password).
After all, it is a security question. Normally, MD5 or SHA-1 is enough.
from bonobo-git-server.
I don't disagree with you. It's a bug, but I am not sure about its priority. It affects only users with non-ASCII passwords, and a simple warning not to enter characters beyond this encoding would be a much simpler and more effective solution for the needs of Bonobo Git Server, considering backward compatibility and database structure.
from bonobo-git-server.
You are right. Compatibility is important. But I would like to do my best if we can.
In my fork, I want to rewrite this part. :-)
from bonobo-git-server.
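The scheme proposed in the comments above (a password-version field on the user record, verification with the algorithm of the stored version, upgrade to the latest version at login, and a per-user salt), as an added example that is not Bonobo Git Server's code. The User record, the version-0 algorithm (unsalted MD5 of the UTF-8 password) and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

LATEST = 1
PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for your hardware

def _v0(password: str, salt: bytes) -> bytes:
    # Assumed legacy scheme: unsalted MD5 (the salt argument is ignored).
    return hashlib.md5(password.encode("utf-8")).digest()

def _v1(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash; UTF-8 encoding keeps non-ASCII passwords distinct.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)

ALGORITHMS = {0: _v0, 1: _v1}

@dataclass
class User:  # hypothetical record standing in for a row of the User table
    name: str
    version: int
    salt: bytes
    digest: bytes

def set_password(user: User, password: str) -> None:
    user.salt = os.urandom(16)  # fresh per-user salt on every change
    user.version = LATEST
    user.digest = ALGORITHMS[LATEST](password, user.salt)

def verify_and_upgrade(user: User, password: str) -> bool:
    algo = ALGORITHMS.get(user.version)
    if algo is None:  # unknown version: fail closed
        return False
    # Constant-time comparison of the recomputed and stored digests.
    if not hmac.compare_digest(algo(password, user.salt), user.digest):
        return False
    if user.version != LATEST:
        # The plaintext is only available at login, so rehash now.
        set_password(user, password)
    return True

def legacy_user(name: str, password: str) -> User:
    # Constructed sample: a row as it would look before the migration.
    return User(name, 0, b"", _v0(password, b""))
```

Existing accounts keep working because a version-0 row is still checked with the old algorithm; the stored hash is only replaced after a successful login.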