Use OpaqueEnvelopes for all passwords in Phabricator
dd70c5946505
Actions

Authored by epriestley <git@epriestley.com> on Jul 17 2012, 21:06.

Description

Use OpaqueEnvelopes for all passwords in Phabricator

Summary:
See D2991 / T1526. Two major changes here:

PHP just straight-up logs passwords on ldap_bind() failures. Suppress that with "@" and keep them out of DarkConsole by enabling discard mode.
Use PhutilOpaqueEnvelope whenever we send a password into a call stack.

Test Plan:

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Committed

epriestley <git@epriestley.com>

Jul 17 2012, 21:06

Pushed

aubort

Jan 31 2017, 17:16

Parents

Branches

Unknown

Tags

Unknown

epriestley <git@epriestley.com> committed rPHdd70c5946505: Use OpaqueEnvelopes for all passwords in Phabricator (authored by epriestley <git@epriestley.com>).Jul 17 2012, 21:06

				Path
	M			scripts/user/account_admin.php
	M			src/aphront/console/plugin/errorlog/DarkConsoleErrorLogPluginAPI.php
	M			src/applications/auth/controller/PhabricatorLDAPLoginController.php
	M			src/applications/auth/controller/PhabricatorLoginController.php
	M			src/applications/auth/ldap/PhabricatorLDAPProvider.php
	M			src/applications/people/PhabricatorUserEditor.php
	M			src/applications/people/controller/settings/panels/PhabricatorUserPasswordSettingsPanelController.php
	M			src/applications/people/storage/PhabricatorUser.php