git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remove 'md5Hashed' variable from Javascript


+1

On Mon, Apr 9, 2018 at 11:01 PM, Rafael Weingärtner <
rafaelweingartner@xxxxxxxxx> wrote:

> Hello fellow CloudStackers,
>
> Today I was working on CLOUDSTACK-5235, which is a security issue, and I
> noticed a variable ‘md5Hashed’ in the javascript that does not seem to be
> useful at all. This variable was used to control if we hash or not the
> password of users in the user side (browser). However, we no longer hash
> the password on the user side. All of the password processing is executed
> in the server side according to the priority of hashing mechanism defined
> by the administrator.
>
> I am addressing this cleanup with this PR
> https://github.com/apache/cloudstack/pull/2555.
>
> If you have any objections regarding this variable and its relate code
> removal, please do so. Otherwise, we will proceed to remove it.
>
> --
> Rafael Weingärtner
>