From 45b55fc3eb9118cf4ce5bed843f0c7b1a796fb0c Mon Sep 17 00:00:00 2001 From: Magnus Enger Date: Thu, 5 Jun 2014 09:58:36 +0200 Subject: [PATCH] Bug 12367 - Import patrons still says "MD5 hash" The password hashing algorithm was changed in Bug 9611, but on Tools > Import patrons, in the text on the right hand side, it still says: "'password' should be stored in plaintext, and will be converted to a MD5 hash" This has no practical effect, of course, but to someone evaluating Koha it might give the false impression that password security is lower than it really is. To test: - Look at Tools > Import patrons and verify that it says "a MD5 hash" - Also look at the help page and see the same text - Apply the patch - Check that both the tool and the help now says "a Bcrypt hash" I'll do a patch for the docs too. Signed-off-by: David Cook Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi --- .../prog/en/modules/help/tools/import_borrowers.tt | 2 +- .../intranet-tmpl/prog/en/modules/tools/import_borrowers.tt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/import_borrowers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/import_borrowers.tt index e6641fd43b..73f0bc1069 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/import_borrowers.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/import_borrowers.tt @@ -10,7 +10,7 @@
borrowernumber, cardnumber, surname, firstname, title, othernames, initials, streetnumber, streettype, address, address2, city, zipcode, country, email, phone, mobile, fax, emailpro, phonepro, B_streetnumber, B_streettype, B_address, B_address2, B_city, B_zipcode, B_country, B_email, B_phone, dateofbirth, branchcode, categorycode, dateenrolled, dateexpiry, gonenoaddress, lost, debarred, contactname, contactfirstname, contacttitle, guarantorid, borrowernotes, relationship, ethnicity, ethnotes, sex, password, flags, userid, opacnote, contactnote, sort1, sort2, altcontactfirstname, altcontactsurname, altcontactaddress1, altcontactaddress2, altcontactaddress3, altcontactzipcode, altcontactcountry, altcontactphone, smsalertnumber, patron_attributes
-

Important: The 'password' value should be stored in plain text, and will be converted to a md5 hash (which is an encrypted version of the password).

+

Important: The 'password' value should be stored in plain text, and will be converted to a Bcrypt hash (which is an encrypted version of the password).

  • If your passwords are already encrypted, talk to your systems administrator about options
  • diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt index 894dc2a159..40410f8bc9 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt @@ -158,7 +158,7 @@ [% END %]
  • The fields 'branchcode' and 'categorycode' are required and must match valid entries in your database.
  • -
  • 'password' should be stored in plaintext, and will be converted to a MD5 hash (if your passwords are already encrypted, talk to your system administrator about options).
  • +
  • 'password' should be stored in plaintext, and will be converted to a Bcrypt hash (if your passwords are already encrypted, talk to your system administrator about options).
  • Date formats should match your system preference, and must be zero-padded, e.g. '01/02/2008'. Alternatively, you can supply dates in ISO format (e.g., '2010-10-28').
  • -- 2.39.5