comparison docs/CHANGES @ 5922:25900eaeb864

passlib integration - enhanced password hash security

Docs for passlib: http://packages.python.org/passlib/

Updated docs/CHANGES about the moin integration.
Updated docs/REQUIREMENTS about passlib requirements.
Added/Adapted related unit tests.
Added logging for password hash processing errors.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 19 Jan 2013 00:32:21 +0100
parents f2fb4b3ed8e5
children 9894a3344118
5920:fe7003b1cc4d 5922:25900eaeb864
14 * The GUI WYSIWYG editor has still some issues and limitations. 14 * The GUI WYSIWYG editor has still some issues and limitations.
15 If you can't live with those, you can simply switch it off by using: 15 If you can't live with those, you can simply switch it off by using:
16 editor_force = True 16 editor_force = True
17 editor_default = 'text' # internal default, just for completeness 17 editor_default = 'text' # internal default, just for completeness
18 18
19 Version 1.9.6: 19 Version 1.9.current:
20
21 SECURITY HINT: make sure you have allow_xslt = False (or just do not use 20 SECURITY HINT: make sure you have allow_xslt = False (or just do not use
22 allow_xslt at all in your wiki configs, False is the internal default). 21 allow_xslt at all in your wiki configs, False is the internal default).
23 Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page. 22 Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
24 23
25 HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details. 24 HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
25
26 New features:
27 * passlib support - enhanced password hash security
28
29 Docs for passlib: http://packages.python.org/passlib/
30
31 If cfg.passlib_support is True (default), we try to import passlib and set it
32 up using the configuration given in cfg.passlib_crypt_context (default is to
33 use sha512_crypt with default configuration from passlib).
34
35 The passlib docs recommend 3 hashing schemes that have good security, but
36 some of them have additional requirements:
37 sha512_crypt needs passlib >= 1.3.0, no other requirements.
38 pbkdf2_sha512 needs passlib >= 1.4.0, no other requirements.
39 bcrypt has additional binary/compiled package requirements, please refer to
40 the passlib docs.
41
42 cfg.password_scheme should be '{PASSLIB}' (default) to tell that passlib is
43 wanted for new password hash creation and also for upgrading existing
44 password hashes.
45
46 For the moin code as distributed in our download release archive, passlib
47 support should just work, as we have passlib 1.6.1 bundled with MoinMoin
48 as MoinMoin/support/passlib. If you use some other moin package, please
49 first check if you have moin AND passlib installed (and also find out the
50 passlib version you have installed).
51
52 If you do NOT want to (not recommended!) or can't use (still using python
53 2.4?) passlib, you can disable it your wiki config:
54
55 passlib_support = False # do not import passlib
56 password_scheme = '{SSHA}' # use best builtin hash (like moin < 1.9.7)
57
58 Please note that after you have used moin with passlib support and have user
59 profiles with passlib hashes, you can't just switch off passlib support,
60 because if you did, moin would not be able to log in users with passlib
61 password hashes. Password recovery would still work, though.
62
63 password_scheme always gives the password scheme that is wanted for new or
64 recomputed password hashes. The code is able to upgrade and downgrade hashes
65 at login time and also when setting / resetting passwords for one or all
66 users (via the wiki web interface or via moin account resetpw script
67 command).
68
69 So, if you want that everybody uses strong, passlib-created hashes,
70 resetting the passwords for all users is strongly recommended:
71 First have passlib support switched on (it is on by default), use
72 password_scheme = '{PASSLIB}' (also default), then reset all passwords.
73
74 Same procedure can be used to go back to weaker builtin hashes (not
75 recommended): First switch off passlib support, use password_scheme =
76 '{SSHA}', then reset all passwords.
77
78 Wiki farm admins sharing the same user_dir between multiple wikis must use
79 consistent password hashing / passlib configuration settings for all wikis
80 sharing the same user_dir. Using the builtin defaults or doing the
81 configuration in farmconfig.py is recommended.
82
83 Admins are advised to read the passlib docs (especially when experiencing
84 too slow logins or when running old passlib versions which may not have
85 appropriate defaults for nowadays):
86 http://packages.python.org/passlib/new_app_quickstart.html#choosing-a-hash
87 http://packages.python.org/passlib/password_hash_api.html#choosing-the-right-rounds-value
88
89 * Password mass reset support:
90 Resetting the passwords of all wiki users can be done using:
91 moin ... --verbose account resetpw --all-users --notify
92
93 This is useful to make sure everybody sets a new password and moin computes
94 the password hash using the current configuration.
95
96
97 Version 1.9.6:
26 98
27 Fixes: 99 Fixes:
28 * fix remote code execution vulnerability in twikidraw/anywikidraw action 100 * fix remote code execution vulnerability in twikidraw/anywikidraw action
29 * fix path traversal vulnerability in AttachFile action 101 * fix path traversal vulnerability in AttachFile action
30 * fix XSS issue, escape page name in rss link 102 * fix XSS issue, escape page name in rss link
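Review bot: the new paragraph beginning "If cfg.passlib_support is True (default), we try to import passlib" does not say what happens when that import fails (fall back to the builtin {SSHA} scheme, refuse to start, or log the error and continue); since the commit message says logging for password hash processing errors was added, one sentence naming the failure behaviour and where it is logged would spare admins from guessing after an upgrade, e.g. "If passlib cannot be imported, ... is logged and ..." right after "use sha512_crypt with default configuration from passlib)." Also, "you can disable it your wiki config:" is missing "in" ("disable it in your wiki config:").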