Issues

ZF-10232: Zend_OpenId_Provider encrypts password to md5 no matter what

Issue Type: Improvement Created: 2010-07-26T16:39:36.000+0000 Last Updated: 2012-11-20T21:37:33.000+0000 Status: Open Fix version(s): Reporter: Nathan Hazout (nasht00) Assignee: None Tags: - Zend_OpenId

Related issues: Attachments:

Description

I am trying to make my existing website and user base into an OpenId provider. The code for Zend_OpenId_Provider->login() uses md5, however my existing user base does not support MD5. Shouldn't it be a setting or option to use md5, another encryption, or none?

Comments

Posted by Nathan Hazout (nasht00) on 2010-07-26T17:26:07.000+0000

Actually the issue is more complex than I thought.

The code is if (!$this->_storage->checkUser($id, md5($id.$password)))

Why $id.$password?

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts