Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • mahara mahara
  • Project information
    • Project information
    • Activity
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
  • Deployments
    • Deployments
    • Releases
  • Packages and registries
    • Packages and registries
    • Model experiments
  • Activity
  • Graph
  • Commits
Collapse sidebar
  • maharamahara
  • maharamahara
  • Repository
  • mahara
  • htdocs
  • lib
  • db
  • upgrade.php
Find file Blame History Permalink
  • Hugh Davenport's avatar
    Add a sitewide salt that isn't in the db · 5a714bf7
    Hugh Davenport authored Nov 15, 2011
    This salt is used to add an extra layer of salting that
    isn't visible from the database. This requires attackers
    to obtain both the database, and the config.php file to
    get the true salt value that is passed to crypt.
    
    Bug #843568
    
    See http://docs.moodle.org/20/en/Password_salting
    
    
    
    Change-Id: Iaa575a4724e387104f9e436c07b336ef8c7ebef5
    Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
    Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
    5a714bf7