[opencms-dev] OCEE LDAP module stores passwords in the database
Varela Pet Rafael
rafael.varela at usc.es
Thu Dec 12 13:45:44 CET 2019
> Date: Wed, 11 Dec 2019 13:55:17 +0100
> From: Alexander Kandzior <alex at opencms.org>
> To: The OpenCms mailing list <opencms-dev at opencms.org>
> Subject: Re: [opencms-dev] OCEE LDAP module stores passwords in the database
>
> Hi Rafael,
>
>> One final comment for you to consider: if the password is going to turn useless in LDAP auth scenarios, why not just leave it blank? It is not a big issue, but in some situations it could be confusing to find data stored in that field (for example, to an external auditor).
>
> To me a password unknown to everyone seemed more secure than a default password or an empty password.
> We will look into the details when we implement this.
OK, thanks.
If there's an (even remote) possibility that someone can log in with that
password then yes, it's way better to store a password unknown to everyone.
Kind regards,
--
Rafael Varela Pet
Head of Security
Information and Communications Technology Area
Universidade de Santiago de Compostela
15782 Santiago de Compostela
https://www.usc.gal/atic/seguridade