[Piwik-hackers] Salted Hash For Passwords - Ticket #308

Patrick Joyce patrick at sandwichboard.com
Sat Jul 19 21:12:52 CEST 2008


I see that sannu reported a bug that Piwik doesn't currently salt the
hash for passwords (http://dev.piwik.org/trac/ticket/308). This is
something I had noticed a while back and have been meaning to fix.

I'd be happy to write and submit a patch that will add a per-user
salt. This will help protect against dictionary attacks, and will
allow existing users to still log in.

However, I need a little direction in terms of the process for
submitting a patch to the Piwik core. I see plenty of documentation in
the wiki for how to create a plugin and test the UI, but I don't see a
process for how to contribute to the core.

Specifically I have the following questions:

How do I run the test suite?
What is the preferred way of modifying the DB Schema? (I will need to
add a salt column to the piwik_user table)
Are there existing tests for the Login plugin?

Sorry if the questions are basic. I come from a background of Java,
ASP.NET and pretty much nothing but Ruby and Rails for the past year.
So I'm used to JUnit, NUnit, Test::Unit, and RSpec for tests and not
extremely experienced with PHP. I'm not having the easiest time
following the unit tests.

Thanks,

Patrick Joyce
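
The scheme proposed in the message above (a per-user salt column that still lets existing users log in), sketched as an added example that is not part of the original post and is not Piwik code. Assumptions: legacy rows store an unsalted MD5 hex digest, a NULL `salt` marks a row not yet migrated, and the salted form uses PBKDF2-HMAC-SHA256 rather than a single salted hash; the row layout and function names are hypothetical.

```php
<?php
// Added example, not Piwik code. Column names and row shape are assumptions.
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your hardware

// Salted, stretched hash: 64 hex characters derived from password + per-user salt.
function hashWithSalt(string $password, string $saltHex): string
{
    return hash_pbkdf2('sha256', $password, hex2bin($saltHex), PBKDF2_ITERATIONS, 64);
}

// Fresh random salt for every user, so equal passwords give different hashes.
function newCredential(string $password): array
{
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'password' => hashWithSalt($password, $salt)];
}

// Returns [ok, upgrade]; upgrade holds new column values to store, or null.
function verifyLogin(array $user, string $password): array
{
    if ($user['salt'] === null) {
        // Legacy row: unsalted hash (assumed to be MD5 hex).
        if (!hash_equals($user['password'], md5($password))) {
            return [false, null];
        }
        // The plaintext is only available at login, so re-hash with a salt now.
        return [true, newCredential($password)];
    }
    $ok = hash_equals($user['password'], hashWithSalt($password, $user['salt']));
    return [$ok, null];
}

// Constructed sample row standing in for an existing, unsalted user record.
$legacy = ['login' => 'alice', 'password' => md5('correct horse'), 'salt' => null];

[$ok, $upgrade] = verifyLogin($legacy, 'correct horse');
$migrated = array_merge($legacy, $upgrade); // what an UPDATE would write back

var_dump($ok);                                        // legacy login accepted
var_dump(verifyLogin($migrated, 'correct horse')[0]); // salted path accepts
var_dump(verifyLogin($migrated, 'wrong guess')[0]);   // salted path rejects

// Two users with the same password no longer share a stored hash.
$a = newCredential('same password');
$b = newCredential('same password');
var_dump($a['password'] !== $b['password']);
```

Rows for users who never log in again keep their unsalted hash under this approach, so a deployment would still need a plan for those accounts, such as a forced reset.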

