Hi! I've just installed EspoCRM and I think it's a great product! Congratulations!
However, I want to comment on a couple of security issues:
- The password in the user table is stored hashed with MD5. I suggest adding a salt and changing MD5 to SHA1 (at least).
- When I create a new user, the password goes in clear text. The better way to handle this is to send a link to the user with a one-time password and force the user to change it. I know that this is a lot of work, but it is a better solution.
Thanks!
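The two suggestions in the post above, sketched as an added example that is not part of the original post and is not EspoCRM code: unsalted MD5 beside a per-user salted, iterated hash, and a single-use, expiring set-password token in place of a mailed password. PBKDF2-HMAC-SHA256 is this example's own choice rather than the SHA1 the post names; the iteration count, token lifetime, storage format and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example
TOKEN_TTL = 3600             # assumed link lifetime, in seconds

def md5_unsalted(password):
    """Scheme described in the post: equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password):
    """Random per-user salt plus an iterated hash, stored as one string."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and count; compare in constant time."""
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

class SetupLinks:
    """One-time set-password tokens; only a hash of each token is kept."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (user_id, expiry timestamp)

    def issue(self, user_id, now=None):
        token = secrets.token_urlsafe(32)
        expires = (time.time() if now is None else now) + TOKEN_TTL
        key = hashlib.sha256(token.encode()).hexdigest()
        self._pending[key] = (user_id, expires)
        return token  # this goes into the e-mailed link, not a password

    def redeem(self, token, now=None):
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(key, None)  # pop: a token works only once
        if entry is None:
            return None
        user_id, expires = entry
        if (time.time() if now is None else now) > expires:
            return None  # expired link; a new one must be issued
        return user_id
```
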