Security suggestions

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Jaime Fernandez
    Junior Member
    • Sep 2014
    • 6

    Security suggestions

    Hi! I've just installed espocrm and I think that's a great product! Congratulations!
    However I want to comment a couple of security issues:

    - The password in user table is stored hashed with MD5. I suggest to add salt and change MD5 to SHA1 (at least).
    - When I create a new user the password goes in clear text. The better way to handle this is to send a link to the user with a one-time password and force the user to change it. I know that this is a lot of work but is a better solution.

    Thanks!
  • onlineth
    Junior Member
    • Jun 2014
    • 4

    #2
    I would also like something that could email a new user a one time password that they would have to change.

    Comment

    Working...