I opened the database and I found that users' passwords are stored as they were provided in the UI (in clear text). Am I missing something? Is there any configuration that I missed? Or does OpenERP really store passwords like that?
As far as I know, in terms of security it is a very bad practice to store passwords without strong hashing (SHA-256+) and salting!
Well, actually that's a feature, so that it's possible to recover lost passwords.
As for the reason for cleartext passwords: once you switch to encrypted passwords you can't recover user passwords anymore. So enabling it is a choice, because there's no going back. We don't currently plan to make passwords encrypted by default.
See the full discussion on the "base_crypt and users_ldap don't work together" bug report.
EDIT: the above presents publicly available points of view from OpenERP SA people, and does not reflect any personal opinion on the subject.
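The trade-off discussed in this thread, as an added example (not code from the original posts, and not OpenERP's or base_crypt's implementation): a one-way migration of a cleartext password column to salted PBKDF2-HMAC-SHA256 values using Python's standard library. The storage format, the iteration count and the sample rows are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PREFIX = "$pbkdf2-sha256$"  # marker chosen for this example, not an OpenERP format
ITERATIONS = 600_000        # assumed work factor; tune to your hardware


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'PREFIX<iterations>$<salt hex>$<digest hex>' for a cleartext password."""
    salt = salt if salt is not None else os.urandom(16)  # unique random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{PREFIX}{iterations}${salt.hex()}${digest.hex()}"


def verify_password(candidate, stored):
    """Check a login attempt against a stored value; cleartext rows are rejected."""
    if not stored.startswith(PREFIX):
        return False  # un-migrated row: refuse rather than compare cleartext
    try:
        iterations, salt_hex, digest_hex = stored[len(PREFIX):].split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, int(iterations))
    except ValueError:
        return False  # malformed stored value
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def migrate(rows, iterations=ITERATIONS):
    """Hash every cleartext value in place, skipping hashed rows; return count migrated."""
    migrated = 0
    for login, value in rows.items():
        if not value.startswith(PREFIX):
            rows[login] = hash_password(value, iterations=iterations)
            migrated += 1
    return migrated


if __name__ == "__main__":
    # Constructed sample rows standing in for a users table (login -> password column).
    users = {"admin": "s3cret-admin", "demo": "demo"}
    print(migrate(users), "rows migrated")
    print(users["demo"])
    print(verify_password("demo", users["demo"]), verify_password("Demo", users["demo"]))
```

After migration the original passwords cannot be read back from the stored values, so a lost password is handled by a reset rather than a lookup.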
|Asked: 3/17/13, 10:28 AM|
|Seen: 5139 times|
|Last updated: 3/16/15, 8:10 AM|