Welcome, Guest
Username: Password: Remember me

TOPIC: Admin password storage and treatment

Admin password storage and treatment 2 months 3 weeks ago #103856

  • FF82
  • FF82's Avatar
  • OFFLINE
  • Fresh Lemon
  • Posts: 11
  • Karma: 0
In order to use LimeSurvey in our company, our security departement wants to know how storage and treatment of the administrator passwords is done (Hashing algorithm, salt used, how many hashing rounds).
I couldn't find any information about this, is there anybody who can give me this information or knows how to get it?
The administrator has disabled public write access.

Admin password storage and treatment 2 months 3 weeks ago #103862

  • Ben_V
  • Ben_V's Avatar
  • OFFLINE
  • Platinum Lime
  • Posts: 933
  • Thank you received: 193
  • Karma: 62
Hello,

Limesurvey hash the password using SHA256 and the result is stored into the db in a BLOB field.

For `lime_users` original table structure a sample is available here
( username="admin" & password="password" )
.
Benoît

goo.gl/Bw5iM => Recherche GG dans le forum français (remplacer "exemple" dans la barre de recherche)
goo.gl/WX8PH => GG search for english forum (Replace "example" in the search bar)
goo.gl/IxiGu => Búsqueda en el foro en español (Cambiar "ejemplo" en la barra de...
The administrator has disabled public write access.

Admin password storage and treatment 2 months 3 weeks ago #103882

  • FF82
  • FF82's Avatar
  • OFFLINE
  • Fresh Lemon
  • Posts: 11
  • Karma: 0
Hi Ben_V,

thank you very much for your help.
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.120 seconds
Donation Image