Initial password set by module is weak.
barry_johnson - April 17, 2008 - 17:11
| Project: | Webserver authentication |
| Version: | 5.x-0.0-rc1 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs work |
Jump to:
Description
The initial password "cyan" is weak and easily exploited if the regular drupal auth is also enabled.
This patch sets the password to a unique random string.
| Attachment | Size |
|---|---|
| webserver_auth.module.initial_password.patch | 1.27 KB |
#1
any reason we should not use user_password() like user.module does?
#2
None at all. I'm just a newbie to drupal and didn't realize it existed :-)