Willkommen, Gast
Benutzername: Passwort: Angemeldet bleiben:

THEMA: Admin password storage and treatment

Admin password storage and treatment 2 Monate 4 Wochen her #103856

  • FF82
  • FF82s Avatar
  • OFFLINE
  • Fresh Lemon
  • Beiträge: 11
  • Karma: 0
In order to use LimeSurvey in our company, our security departement wants to know how storage and treatment of the administrator passwords is done (Hashing algorithm, salt used, how many hashing rounds).
I couldn't find any information about this, is there anybody who can give me this information or knows how to get it?
Der Administrator hat öffentliche Schreibrechte deaktiviert.

Admin password storage and treatment 2 Monate 4 Wochen her #103862

  • Ben_V
  • Ben_Vs Avatar
  • OFFLINE
  • Platinum Lime
  • Beiträge: 933
  • Dank erhalten: 193
  • Karma: 62
Hello,

Limesurvey hash the password using SHA256 and the result is stored into the db in a BLOB field.

For `lime_users` original table structure a sample is available here
( username="admin" & password="password" )
.
Benoît

goo.gl/Bw5iM => Recherche GG dans le forum français (remplacer "exemple" dans la barre de recherche)
goo.gl/WX8PH => GG search for english forum (Replace "example" in the search bar)
goo.gl/IxiGu => Búsqueda en el foro en español (Cambiar "ejemplo" en la barra de...
Der Administrator hat öffentliche Schreibrechte deaktiviert.

Admin password storage and treatment 2 Monate 4 Wochen her #103882

  • FF82
  • FF82s Avatar
  • OFFLINE
  • Fresh Lemon
  • Beiträge: 11
  • Karma: 0
Hi Ben_V,

thank you very much for your help.
Der Administrator hat öffentliche Schreibrechte deaktiviert.
Moderatoren: ITEd
Ladezeit der Seite: 0.136 Sekunden
Donation Image