Password issues

Description

Problems with passwords:

  • Passwords are stored without encryption (should be stored as md5 or other hash with salt)

    • Salt should be defined in defines.h

    • Modify users table (password -> password_hash)

    • Modify QueryExecutor methods (loadUsers/insertUser)

    • Modify DbSession registerUser and addUser by using hash instead of password

  • No restrictions for weak passwords

    • Add a parameter to the config - restrictions on/off

    • Add a password check to the registerUser method - if the restriction is turned ON, a special method should check the password (length, used symbols a-z_@#$%0-9) when performing addUser|registerUser and return WEAK_PASSWORD_ERROR if the password does not meet these conditions
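
A sketch of the password check described in the last item, added here as an example and not taken from the project's code. It assumes "used symbols a-z_@#$%0-9" means the set of permitted characters; `PasswordPolicy`, `checkPassword`, `PASSWORD_OK`, the `registerUser` stand-in and the minimum length are hypothetical, since the ticket only names WEAK_PASSWORD_ERROR, registerUser and addUser.

```cpp
#include <cstddef>
#include <string>

// Hypothetical error codes; only WEAK_PASSWORD_ERROR is named in the ticket.
enum ErrorCode { PASSWORD_OK = 0, WEAK_PASSWORD_ERROR = 1 };

// Hypothetical config holder for the "restrictions on/off" parameter.
struct PasswordPolicy {
    bool restrictionsEnabled;  // on/off switch read from the config
    std::size_t minLength;     // assumed: the ticket gives no number
};

// True if c is in the set listed in the ticket: a-z _ @ # $ % 0-9.
static bool isAllowedSymbol(char c) {
    if (c >= 'a' && c <= 'z') return true;
    if (c >= '0' && c <= '9') return true;
    return c == '_' || c == '@' || c == '#' || c == '$' || c == '%';
}

// Returns WEAK_PASSWORD_ERROR when restrictions are on and the password
// is too short or contains a character outside the permitted set.
ErrorCode checkPassword(const std::string& password,
                        const PasswordPolicy& policy) {
    if (!policy.restrictionsEnabled) return PASSWORD_OK;
    if (password.size() < policy.minLength) return WEAK_PASSWORD_ERROR;
    for (char c : password) {
        if (!isAllowedSymbol(c)) return WEAK_PASSWORD_ERROR;
    }
    return PASSWORD_OK;
}

// Stand-in for DbSession::registerUser / addUser: the check runs before
// anything is hashed or written, so a rejected password is never stored.
ErrorCode registerUser(const std::string& login,
                       const std::string& password,
                       const PasswordPolicy& policy) {
    ErrorCode rc = checkPassword(password, policy);
    if (rc != PASSWORD_OK) return rc;
    (void)login;  // hashing and the users-table insert would follow here
    return PASSWORD_OK;
}
```
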

Environment

None

Test scenario

None

Parent branch

None

Status

Assignee

Mark Zaslavskiy

Reporter

Mark Zaslavskiy

Labels

None

External issue ID

None

Leader

Sergey Balandin

Architect

Kirill Krinkin

Customer visible

None

Fix versions

Affects versions

Priority

00.Blocker