Check out the LimeSurvey source code on GitHub!
Welcome, Guest
Username: Password:

TOPIC: Admin password storage and treatment

Admin password storage and treatment 2 years 10 months ago #103856

  • FF82
  • FF82's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 11
  • Karma: 0
In order to use LimeSurvey in our company, our security departement wants to know how storage and treatment of the administrator passwords is done (Hashing algorithm, salt used, how many hashing rounds).
I couldn't find any information about this, is there anybody who can give me this information or knows how to get it?
The administrator has disabled public write access.

Admin password storage and treatment 2 years 10 months ago #103862

  • Ben_V
  • Ben_V's Avatar
  • Offline
  • Platinum Lime
  • Posts: 1894
  • Thank you received: 469
  • Karma: 118
Hello,

Limesurvey hash the password using SHA256 and the result is stored into the db in a BLOB field.

For `lime_users` original table structure a sample is available here
( username="admin" & password="password" )
.
BenoƮt

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)
The administrator has disabled public write access.

Admin password storage and treatment 2 years 10 months ago #103882

  • FF82
  • FF82's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 11
  • Karma: 0
Hi Ben_V,

thank you very much for your help.
The administrator has disabled public write access.
Time to create page: 0.267 seconds
Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form