From dev-return-111247-archive-asf-public=cust-asf.ponee.io@cloudstack.apache.org Mon Apr 9 19:31:50 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id F3BAF180645 for ; Mon, 9 Apr 2018 19:31:49 +0200 (CEST) Received: (qmail 11510 invoked by uid 500); 9 Apr 2018 17:31:42 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 11482 invoked by uid 99); 9 Apr 2018 17:31:42 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 09 Apr 2018 17:31:42 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id A333F1800C7; Mon, 9 Apr 2018 17:31:41 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.879 X-Spam-Level: * X-Spam-Status: No, score=1.879 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 1RBsfChRXFz3; Mon, 9 Apr 2018 17:31:40 +0000 (UTC) Received: from mail-oi0-f53.google.com (mail-oi0-f53.google.com [209.85.218.53]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 8DE2C5F1E7; Mon, 9 Apr 2018 17:31:40 +0000 (UTC) Received: by mail-oi0-f53.google.com with SMTP id 71-v6so8419795oie.12; Mon, 09 Apr 2018 10:31:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=duji11yWVjJRUTkRqpPRRr7rV579KchAL1CXsQ/VQ0w=; b=QsTH7CER2G3bpD69m4dzJJXJeu5dJz0kdqMsfoJHXRzEvHtMS3qP83uAoBQtOvZUgV sMa2RymMURkFa4HluBdzXJQw1EbuwiaTGmtxYl3QxbcIHvGM0Atcy9oQAHKKDUcnZqxB hcwSpQI3XPijBdnSJz6cfMviVhNGKIv3z/q1PWKLwdcvfpd2oHu7amZ5Mkltaida+JRV 07fVXKYFIp+8zSUDVTe7ZNBpD3zbdfVUTM8lraM7L8g9tRH54pUZ+x5yWkVEqWKG2hAd eeYfXpMF8gfgX+wTcaZKNYLwccvXfayODXrGADxg2qYOcb00vsXvjvWvRTZQn/irNrDq fKMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=duji11yWVjJRUTkRqpPRRr7rV579KchAL1CXsQ/VQ0w=; b=UfBG5rI1qiZBVIEVw33WsLFWXrw945MsZmVaa5yQ3sOm+iuvvfio3XJclmTYUbsNZe gX9TrlHAIq7DsrsJ37EwSRpgMdfGXmtsezwBEPaBxTAInMZB5ntdXRXGgoaGDCu19O9O UHhveEn8n55pW9QpaUjioxywE6stz1vOC7v474H3b5ocMo+c0/02/uUITlspoycMc0UO jMnD9bJMN6wRLBvaOJlhuWRdoOyPhe7kdV5+BgJQULSxjZAmRCvhZ4ACAKYVj3AkwPU2 GbadbfpWJprbVqrD54UlXP9BIKljOc7ueEKT6mOMicVHiOr4Sk3yY6pJ685YGHYCSZSu MIag== X-Gm-Message-State: ALQs6tDcKb1t+0IO9dC0KamhIoH9vC5yDdSPc66xhDyopvldvcrhxKHk ygQQ2FIqLxVuufEpbSXsBgQz3NBWnCn8CsH1WunTxB5w X-Google-Smtp-Source: AIpwx4/lBJTMg4gUK6rC6Vt8+zzGqSu94Eoe8LCCHwCrW26v2AXoCCcMCplWu3NFKRMNkHhL0nN6gjGsjlU2/AJpOC8= X-Received: by 2002:aca:668e:: with SMTP id m14-v6mr21516347oik.90.1523295099727; Mon, 09 Apr 2018 10:31:39 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:2a35:0:0:0:0:0 with HTTP; Mon, 9 Apr 2018 10:31:39 -0700 (PDT) From: =?UTF-8?Q?Rafael_Weing=C3=A4rtner?= Date: Mon, 9 Apr 2018 14:31:39 -0300 Message-ID: Subject: Remove 'md5Hashed' variable from Javascript To: users , dev Content-Type: multipart/alternative; boundary="0000000000004ebeae05696dc725" --0000000000004ebeae05696dc725 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello fellow CloudStackers, Today I was working on CLOUDSTACK-5235, which is a security issue, and I noticed a variable =E2=80=98md5Hashed=E2=80=99 in the javascript that does = not seem to be useful at all. This variable was used to control if we hash or not the password of users in the user side (browser). However, we no longer hash the password on the user side. All of the password processing is executed in the server side according to the priority of hashing mechanism defined by the administrator. I am addressing this cleanup with this PR https://github.com/apache/cloudstack/pull/2555. If you have any objections regarding this variable and its relate code removal, please do so. Otherwise, we will proceed to remove it. -- Rafael Weing=C3=A4rtner --0000000000004ebeae05696dc725--