[Tickets #3739] NEW: customsql auth driver does not work with encryption schemes using salt

bugs@bugs.horde.org bugs at bugs.horde.org
Wed Apr 5 10:31:37 PDT 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=3739
-----------------------------------------------------------------------
 Ticket             | 3739
 Created By         | dorm at dorm.org
 Summary            | customsql auth driver does not work with encryption schemes using salt
 Queue              | Horde Framework Packages
 Version            | HEAD
 State              | Unconfirmed
 Priority           | 1. Low
 Type               | Bug
 Owners             | 
-----------------------------------------------------------------------


dorm at dorm.org (2006-04-05 10:31) wrote:

The customsql auth driver does not work with encryption schemes using a
salt.  This is because the salt used for the current encrypted password is
required in order to validate the plaintext password entered by the user.

customsql.php calls Auth::getCryptedPassword with a salt value of '', and
then authentication fails.

It needs to query the encrypted password from the DB and use that value in
the Auth::getCryptedPassword call.   This adds an extra SQL query, but it is
necessary to get the current salt.





More information about the bugs mailing list