New module 'Secure Password Hashes' with core patch applied
This commit is contained in:
parent
3251330c4c
commit
6a3eb66d19
10 changed files with 1171 additions and 2 deletions
22
modules/phpass/README.txt
Normal file
22
modules/phpass/README.txt
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
|
||||
This module implements secure password hashes using backported code from
|
||||
Drupal 7, which is the outcome of http://drupal.org/node/29706.
|
||||
|
||||
This module requires PHP 5.2.4 as a minimum version (the same as Drupal 7).
|
||||
|
||||
IMPORTANT - this module cannot be disabled except via SQL or upgrading to
|
||||
Drupal 7. Disabling will mean all users will have to login via password-reset
|
||||
links.
|
||||
|
||||
Upgrading to Drupal 7 should be seamless as long as the core version is
|
||||
>= 7.9. That is the first release that includes the fix at
|
||||
http://drupal.org/node/1205138. The hashes stored in the {users} table
|
||||
by this module are fully compatible with the Drupal 7 password system.
|
||||
|
||||
The default Drupal 6 and before password hashes are insecure. MD5 has
|
||||
long been known to be crackable, and we should not be storing passwords
|
||||
using this.
|
||||
|
||||
There has been a long discussion about this. See http://drupal.org/node/29706
|
||||
and http://drupal.org/node/1201444 for in-depth discussions. Do not post
|
||||
issues about anything already discussed there.
|
||||
Reference in a new issue