The password hashing algorithm was changed in Bug 9611,
but on Tools > Import patrons, in the text on the right
hand side, it still says:
"'password' should be stored in plaintext, and will be
converted to a MD5 hash"
This has no practical effect, of course, but to someone
evaluating Koha it might give the false impression that
password security is lower than it really is.
To test:
- Look at Tools > Import patrons and verify that it says
"a MD5 hash"
- Also look at the help page and see the same text
- Apply the patch
- Check that both the tool and the help now says
"a Bcrypt hash"
I'll do a patch for the docs too.
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@gmail.com>