User's password is saved to db directly without encryption

Question

xzyaoi opened this issue 9 years ago · comments

I'm using it with Vagrant and I fount it saved user's password without encryption.

Is it a bug?

Weiming Dong · Answer 1 · Tue Dec 08 2015 23:29:15 GMT+0800 (China Standard Time)

@stevefermi yes. you are right. I will apply hashing algorithms like 'bcrypt' on the password and stores it

Weiming Dong · Answer 2 · Fri Dec 11 2015 23:25:18 GMT+0800 (China Standard Time)

@stevefermi now the password has encrypted