Confirmed users
491
edits
WebAppSec/Secure Coding Guidelines: Difference between revisions
WebAppSec/Secure Coding Guidelines (view source)
Revision as of 23:23, 3 January 2011
, 3 January 2011→Password Storage
| Line 93: | Line 93: | ||
====Migration==== | |||
The following process can be used to migrate an application that is using a different hashing algorithm than the standard hash listed above. The benefits of this approach is that it instantly upgrades all hashes to the strong, recommended hashing algorithm and it does not require user's to reset their passwords. | |||
'''Migration Process'''<br> | |||
Migrate all password hashes entries in the database as follows. This is a one time, offline migration. | Migrate all password hashes entries in the database as follows. This is a one time, offline migration. | ||
| Line 103: | Line 105: | ||
'''New hash process for new accounts or password changes:'''<br> | '''New hash process for new accounts or password changes:'''<br> | ||
Use standard hashing process [[ | Use standard hashing process [[https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Password_Storage above]] | ||
'''New Login Process'''<br> | '''New Login Process'''<br> | ||