Check out the LimeSurvey source code on GitHub!
Welcome, Guest
Username: Password:

TOPIC: Admin password storage and treatment

Admin password storage and treatment 2 years 6 months ago #103856

  • FF82
  • FF82's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 11
  • Karma: 0
In order to use LimeSurvey in our company, our security departement wants to know how storage and treatment of the administrator passwords is done (Hashing algorithm, salt used, how many hashing rounds).
I couldn't find any information about this, is there anybody who can give me this information or knows how to get it?
The administrator has disabled public write access.

Admin password storage and treatment 2 years 6 months ago #103862

  • Ben_V
  • Ben_V's Avatar
  • Offline
  • Platinum Lime
  • Posts: 1790
  • Thank you received: 439
  • Karma: 110
Hello,

Limesurvey hash the password using SHA256 and the result is stored into the db in a BLOB field.

For `lime_users` original table structure a sample is available here
( username="admin" & password="password" )
.
Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => bit.ly/20NW9V8 (already included in /docs/demosurveys)
The administrator has disabled public write access.

Admin password storage and treatment 2 years 6 months ago #103882

  • FF82
  • FF82's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 11
  • Karma: 0
Hi Ben_V,

thank you very much for your help.
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.304 seconds
Imprint                   Data Protection Statement                  Revocation information and revocation form