•  
      request #9942 Userlog plugin stores session token in clear
    Infos
    #9942
    Thomas Gerbet (tgerbet)
    2017-02-17 16:32
    2017-02-08 16:27
    10235
    Details
    Userlog plugin stores session token in clear
    The userlog plugin stores it but never uses it and it defeats the hardening introduced in the request #9578.
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Laurence Terrien (ltn)
    Stage
    Empty
    Closed
    2017-02-17
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Integrated into Tuleap 9.4.99.79

    • Status changed from Reopen to Closed
    • Close date set to 2017-02-17
    User avatar
    Thomas Gerbet (tgerbet)2017-02-09 15:03
    A complementary contribution to avoid the slow schema migration during the upgrade is under review: gerrit #7610.

    • Status changed from Closed to Reopen
    • Close date cleared
    User avatar
    Thomas Gerbet (tgerbet)2017-02-08 16:42
    A patch is under review: gerrit #7603

    • Summary
      -Userlog plugin stores the unhashed session token 
      +Userlog plugin stores session token in clear 
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Status changed from Under implementation to Under review