/UpdateIdentityServerHashAlgorithm.ps1
Last active Jan 2, 2019
Update Sitecore's Identity Server to use a more robust hash algorithm for .Net membership. See https://grantkillian.wordpress.com/2019/01/02/sitecore-commerce-security-hardening-note/ for more context.
| $siteNamePrompt = Read-Host "enter Identity Server website name" | |
| $site = get-website -name $siteNamePrompt | |
| $appSettingsPath = "{0}\wwwroot\appsettings.json" -f $site.physicalPath | |
| <# replace: | |
| "PasswordHashAlgorithm":"SHA1"}, | |
| with: | |
| "PasswordHashAlgorithm":"SHA512"}, | |
| #> | |
| (Get-Content $appSettingsPath).replace("""PasswordHashAlgorithm"":""SHA1""},", """PasswordHashAlgorithm"":""SHA512""},") | Set-Content $appSettingsPath |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment