c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 659654] Re: Please don't save password in plain text in database

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "Olivier Dony \(OpenERP\)" <659654@xxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Oct 2010 13:14:54 -0000
Reply-to: Bug 659654 <659654@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is a feature in the default installation, and allows to retrieve the password of the users if you wish to.
You may install the base_crypt module to enable password encryption. At the moment this module is in the extra-addons branch, but it will be certified and put into the official addons for rc2 normally.

We hope this helps...

** Changed in: openobject-server
       Status: New => Invalid

** Converted to question:
   https://answers.launchpad.net/openobject-server/+question/131564

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

-- 
Please don't save password in plain text in database
https://bugs.launchpad.net/bugs/659654
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.

Status in OpenObject Server: Invalid

Bug description:
Currently, passwords are saved in plain text in table "res_users".
That's a potential security problem.
Please fix it.

Thanks.