[stable10] Dont't expose hashed password in ocs api#34691
Conversation
339ba7c to
a1206cd
Compare
Codecov Report
@@ Coverage Diff @@
## stable10 #34691 +/- ##
===============================================
- Coverage 64% 45.03% -18.98%
===============================================
Files 1276 116 -1160
Lines 75801 11465 -64336
Branches 1291 1291
===============================================
- Hits 48515 5163 -43352
+ Misses 26907 5923 -20984
Partials 379 379
Continue to review full report at Codecov.
|
Codecov Report
@@ Coverage Diff @@
## stable10 #34691 +/- ##
===========================================
Coverage 64% 64%
Complexity 19247 19247
===========================================
Files 1276 1276
Lines 75801 75801
Branches 1291 1291
===========================================
Hits 48515 48515
Misses 26907 26907
Partials 379 379
Continue to review full report at Codecov.
|
a1206cd to
31b47dc
Compare
|
@IljaN what did you test exactly ? just the API calls or did you retest the share link dialog to see if it still detects a password presence / absence ? if not, please also test the latter |
|
@PVince81 Works as expected (see top-post) |
|
@IljaN please port to master |
|
Forward port to |
Description
Don't expose hashed password in ocs api
Related Issue
Motivation and Context
Mostly hardening. Attacker could brute-force the password if he knows the internal salt and instance-id
How Has This Been Tested?
Types of changes
Checklist:
Open tasks: