[
https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15759118#comment-15759118 ]
Jacques Le Roux edited comment on OFBIZ-1151 at 12/18/16 5:11 PM:
------------------------------------------------------------------
Not sure why I wrote that then, the trunk is never released :) I guess I feared issues we got once on the demo where somehow an attacker was able to take control of the VM. Note that this was 2 VMs ago, the 2nd and the current 3rd generation were never infiltrated, at least that I know.
This could seems neglectible, but believe me the infra team was quite worried, you never know where it stops. We were lucky it was more a student playing...
was (Author: jacques.le.roux):
Not sure why I wrote that then, the trunk is never released :) I guess I feared issues we got once on the demo where somehow an attacker was able to take control of the VM. Note that this was 2 VMs ago, the 2nd and the current 3rd generation were never infiltrated, at least that I know.
> Passwords are not salted
> ------------------------
>
> Key: OFBIZ-1151
> URL:
https://issues.apache.org/jira/browse/OFBIZ-1151> Project: OFBiz
> Issue Type: Sub-task
> Components: party
> Affects Versions: Release Branch 4.0, Trunk
> Reporter: Wickersheimer Jeremy
> Assignee: Adam Heath
> Priority: Minor
>
> Password are currently hashed but not seeded which may be a security issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Locked
