openerp-india team mailing list archive

Thread
Date

[Bug 1280152] Re: [7.0]Auth crypt encrypts passwords lazily and deactivated users will never have password encrypted

To: openerp-india@xxxxxxxxxxxxxxxxxxx
From: "Olivier Dony \(OpenERP\)" <1280152@xxxxxxxxxxxxxxxxxx>
Date: Thu, 19 Jun 2014 10:08:06 -0000
Reply-to: Bug 1280152 <1280152@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Fixed in 7.0 in github at revision https://github.com/odoo-dev/odoo/commit/f29ff5ef
Thanks for reporting and proposing a patch!

** Changed in: openobject-addons
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to Odoo Addons.
https://bugs.launchpad.net/bugs/1280152

Title:
  [7.0]Auth crypt encrypts passwords lazily and deactivated users will
  never have password encrypted

Status in Odoo Addons:
  Fix Released

Bug description:
  Auth_crypt module use by default md5 hash instead of the proposed
  sha256.

  Sadly this implementation is broken.

  Also passwords are only encrypted when user log in for the first time.  
  So deactivated usesr will never have their password encrypted.

  Regards

  Nicolas

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/1280152/+subscriptions

References

[Bug 1280152] [NEW] [7.0][trunk]Auth crypt sha256 is broken and deactivated users will never have password encrypted
From: Nicolas Bessi - Camptocamp, 2014-02-14