6.0.0-git
2019-04-23

[#12962] Encrypted MySQL Password
Summary Encrypted MySQL Password
Queue Horde Framework Packages
Queue Version Git master
Type Enhancement
State Resolved
Priority 1. Low
Owners jan (at) horde (dot) org
Requester stwagner (at) openst (dot) de
Created 2014-02-10 (1898 days ago)
Due
Updated 2014-02-11 (1897 days ago)
Assigned
Resolved 2014-02-10 (1898 days ago)
Milestone
Patch Yes

History
2014-02-11 11:17:50 Git Commit Comment #7 Reply to this comment
Changes have been made in Git (master):

commit 75657c76f8ea67ca56d588b7bd81f0dd38628131
Author: Jan Schneider <jan@horde.org>
Date:   Tue Feb 11 12:17:32 2014 +0100

     [jan] Add mysql encryption option for SQL backends (Request #12962).

  horde/config/conf.xml |    2 ++
  horde/docs/CHANGES    |    1 +
  horde/package.xml     |    1 +
  3 files changed, 4 insertions(+), 0 deletions(-)

http://git.horde.org/horde-git/-/commit/75657c76f8ea67ca56d588b7bd81f0dd38628131
2014-02-10 19:57:51 stwagner (at) openst (dot) de Comment #6 Reply to this comment
Thanks a lot!
Would it mind you to push something like

Use 'mysql' if the passwords are stored by using the password() 
function of MySQL (MySQL Version >=4.1).

into documentation (horde/passwd/docs/INSTALL, line 234)?

2014-02-10 17:14:51 Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
 
2014-02-10 17:14:44 Git Commit Comment #5 Reply to this comment
Changes have been made in Git (master):

commit 4a1a64dd1cc9236bb6853dc07efb77244a5430a8
Author: Jan Schneider <jan@horde.org>
Date:   Mon Feb 10 18:13:57 2014 +0100

     [jan] Add MySQL password hashing (Request #12962).

  framework/Auth/lib/Horde/Auth.php           |    4 ++++
  framework/Auth/package.xml                  |    2 ++
  framework/Auth/test/Horde/Auth/TestCase.php |  Bin 2220 -> 2297 bytes
  3 files changed, 6 insertions(+), 0 deletions(-)

http://git.horde.org/horde-git/-/commit/4a1a64dd1cc9236bb6853dc07efb77244a5430a8
2014-02-10 17:14:29 Jan Schneider Version ⇒ Git master
Queue ⇒ Horde Framework Packages
 
2014-02-10 16:09:44 stwagner (at) openst (dot) de Comment #4 Reply to this comment
The "new" MySQL password  hash method (>= MySQL 4.1).
2014-02-10 15:59:20 Jan Schneider Comment #3
State ⇒ Feedback
Reply to this comment
Which password hashing method are you talking about? The old or the 
new hashing method?
2014-02-10 14:04:32 stwagner (at) openst (dot) de Comment #2
New Attachment: horde-Auth.mysql.php.patch Download
Reply to this comment
Patch now attached.
2014-02-10 14:03:35 stwagner (at) openst (dot) de Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ Encrypted MySQL Password
Queue ⇒ Passwd
Milestone ⇒
Patch ⇒ Yes
Reply to this comment
It seems that there is no configuration option if passwords stored 
within an MySQL database and the passwords are encrypted by MySQLs 
password function.
The check of old password fail because, of missing algorithm that 
matches MySQLs password().

I propose to extend the getCryptedPassword function of Auth.php class 
with a MySQL password hash function (PHP-based). MySQL passwords are 
then supported by the encryption option 'mysql' in the 'sql' section 
of backends.php.

Patch attached.

Saved Queries