author | mkanat%bugzilla.org <> | 2009-01-02 10:11:47 +0100 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2009-01-02 10:11:47 +0100 |
commit | 179e06d7c93760d9764bed65295a95fe0930fc4d (patch) | |
tree | 1692be72b3e74370d175aed81372b7462b55f7df /Bugzilla/Constants.pm | |
parent | 5c8dab4502c311a7d823171b4c89aaffc2e9761b (diff) | |
Bug 211006: Make Bugzilla use SHA-256 instead of crypt() to store hashed passwords in the database
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
Diffstat (limited to 'Bugzilla/Constants.pm')
-rw-r--r-- | Bugzilla/Constants.pm | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index c08156335..f191f70d4 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -154,6 +154,9 @@ use File::Basename;
 MAX_COMPONENT_SIZE
 MAX_FIELD_VALUE_SIZE
 MAX_FREETEXT_LENGTH
+
+ PASSWORD_DIGEST_ALGORITHM
+ PASSWORD_SALT_LENGTH
 );

 @Bugzilla::Constants::EXPORT_OK = qw(contenttypes);
@@ -437,6 +440,15 @@ use constant MAX_FIELD_VALUE_SIZE => 64;
 # Maximum length allowed for free text fields.
 use constant MAX_FREETEXT_LENGTH => 255;

+# This is the name of the algorithm used to hash passwords before storing
+# them in the database. This can be any string that is valid to pass to
+# Perl's "Digest" module. Note that if you change this, it won't take
+# effect until a user changes his password.
+use constant PASSWORD_DIGEST_ALGORITHM => 'SHA-256';
+# How long of a salt should we use? Note that if you change this, none
+# of your users will be able to log in until they reset their passwords.
+use constant PASSWORD_SALT_LENGTH => 8;
+
 sub bz_locations {
 # We know that Bugzilla/Constants.pm must be in %INC at this point.
 # So the only question is, what's the name of the directory |
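Review bot: `PASSWORD_DIGEST_ALGORITHM => 'SHA-256'` in the second hunk names a general-purpose digest, and no iteration count or work factor is defined beside it, so if the hashing code outside this diff makes a single salted pass, the stored hashes are cheap to guess offline once the table leaks. The constant's comment should record that limitation, for example `# NOTE: a plain Digest algorithm is fast to compute; prefer an iterated or memory-hard password scheme where one is available.` The comment on `PASSWORD_SALT_LENGTH` says changing the value locks out every user, which suggests the salt is split off the stored string by fixed length. Storing the salt with a delimiter or length prefix would make each stored value self-describing and remove that lockout, though the code that parses it is not visible in this file.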