On 10/15/2009 01:09 PM, Vincent Massol wrote:
On Oct 15, 2009, at 10:56 AM, Sergiu Dumitriu wrote:
On 10/14/2009 06:59 PM, notifications(a)xwiki.org
wrote:
Hello Developers,
This message is sent by XWiki. Here are the documents in your
watchlist
that have been modified since the last notification:
XWiki.flavius
Between 2009/10/12 15:15 and 2009/10/12 15:17, the document
has
been modified 2 times, by 2 user(s): Flavius Olaru, Jerome
Velociter
XWiki.XWikiUsers
password:
hash:SHA-512:ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ffhash:SHA-512:01ee4ab961b2f3f35fce8412d7facc44cd68782ed1b1810e849f21420583df04bee183d2b740d33417584e14fbc0dfc9d6232d2ce814012146840a69fdb2f31f
author: XWiki.jvelociter> XWiki.flavius
^^^
This is not right.
I was wondering too. Can you be more specific about what's not right?
Password changes should not be sent in plain text on this email.
Fortunately the default password is hashed, but:
- this is configurable, so some wikis could have plain text passwords
- hashes are getting easier to break, with advances in cryptography and
mass computing
- other classes could use custom unencrypted password fields
- most other places where fields are displayed hide the password (XML
export, access throught the API, the object editor...)
So, we either don't display it at all, or we display a generic
"password: this value has changed"
--
Sergiu Dumitriu
http://purl.org/net/sergiu/