Check out the LimeSurvey source code on GitHub!

Admin password storage and treatment

More
3 years 3 days ago #103856 by FF82
In order to use LimeSurvey in our company, our security departement wants to know how storage and treatment of the administrator passwords is done (Hashing algorithm, salt used, how many hashing rounds).
I couldn't find any information about this, is there anybody who can give me this information or knows how to get it?

Please Log in to join the conversation.

More
3 years 3 days ago #103862 by Ben_V
Hello,

Limesurvey hash the password using SHA256 and the result is stored into the db in a BLOB field.

For `lime_users` original table structure a sample is available here
( username="admin" & password="password" )
.

BenoƮt

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)

Please Log in to join the conversation.

More
3 years 2 days ago #103882 by FF82
Hi Ben_V,

thank you very much for your help.

Please Log in to join the conversation.

Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form