That should be the only place, it is called from the some methods of the User model object. So you could modify it to always hash new passwords in a different way, but check old passwords with sha1 first, then something else. Although it might be nice to move the functionality into security.validate_user_input since it is really specific to user passwords, especially with those changes. I'd be happy to see this go into main with sha256 or something similar. Also, we could consider adding a random per-user salt field if you are really concerned about this. -- James Taylor, Assistant Professor, Biology/CS, Emory University On Thu, May 2, 2013 at 10:21 AM, Vipin TS <vipin.ts@gmail.com> wrote:
Hello dev-team, I would like to add the different type of password encryption to the users in my galaxy instance. I started working with the current password encoding script: /home/apps/galaxy-dist/lib/galaxy/util/hash_util.py
I will keep the current sha1 and add another layer of encryption to the sha1 hash, otherwise I need to force all my users to change the password and follow the new hashing method.
Can anyone please point me any other place/script which I missed regarding the encryption/decryption of user authentication.
thanks in advance, --/Vipin
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/