Bureaucrats, editor, reviewer, Administrators
13,551
edits
Changes
Jump to navigation
Jump to search
As general Please remember basic security measures, please : ensure that your password will not end up in your bash history, and avoid sending passwords via ordinary REST requests.
no edit summary
* A new [[User Module]] is available, which allows user management via '''XQuery'''.
* The md5 password hash has been replaced with '''salted sha256''' and '''digest''' hashes (the current timestamp will be used as salt).
{{Mark|Warning}}: As the available md5 hashes cannot automatically be converted to the new format, existing credentials will be ignored, and you will need to recreate your user data.
Moreover, passwords in commands and XQuery functions are now specified in '''plain text''' (yes!). The rationale behind this is:
* The encoding as md5 has not been safe anyway, because md5 hashes for popular passwords can be easily uncovered with rainbow tables.
==Rules==
