Update password hash algorithm to SHA256#6638
Conversation
mitchelsellers
left a comment
There was a problem hiding this comment.
I think this is a good change. So long as others are ok with this @valadas I think we just need to find out how to document/note this in the release notes? Or maybe it goes in dnndocs?
|
What we discussed is that would be for new installs only. But we would document how to migrate to it for upgrades. We need to test the process but if I remember correctly you just have run an sql script to force password reset upon next login. |
|
@valadas ok, deleted my comment as I didn't notice the "new installs only" remark. And yes, password reset is the only way foward for existing users. |
|
@r90727 you got me scratching my head a bit there, I was replying to a ghost lol... |
|
@valadas I thought we had targeted included this one in the RC, did I mis-remember? |
Added documentation for Membership Providers configuration This will be useful to link to from the release notes of the next DNN version considering this PR dnnsoftware/Dnn.Platform#6638
|
Ok, what do you guys think of this documentation here DNNCommunity/DNNDocs#766 |
|
Yes, this should be in 10.2.0 |
This PR updates the default hash algorithm to SHA256. It does not add any logic for migrating users from SHA1 hashes, it only affects new installations.
I have tested that password history works as expected.
Fixes #6614