You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by je...@jakarta.apache.org on 2004/09/04 08:15:42 UTC
[jira] Commented: (JS1-516) UserUpdateAction re-encrypts encrypted password when secure.passwords=true
The following comment has been added to this issue:
Author: Jaq Marit
Created: Fri, 3 Sep 2004 11:14 PM
Body:
Has this been fixed by the latest CVS? I think this is still a problem with JS1.6-dev.
---------------------------------------------------------------------
View this comment:
http://issues.apache.org/jira/browse/JS1-516?page=comments#action_52820
---------------------------------------------------------------------
View the issue:
http://issues.apache.org/jira/browse/JS1-516
Here is an overview of the issue:
---------------------------------------------------------------------
Key: JS1-516
Summary: UserUpdateAction re-encrypts encrypted password when secure.passwords=true
Type: Bug
Status: Unassigned
Priority: Major
Project: Jetspeed
Components:
Security
Versions:
1.5
Assignee:
Reporter: Arthur D'Alessandro
Created: Fri, 3 Sep 2004 2:14 PM
Updated: Fri, 3 Sep 2004 11:14 PM
Environment: Database: Postgres
JVM: J2DSK 1.4.02_04
OS: Redhat 9.x/Windows XPSP2
Description:
UserUpdateAction re-encrypts encrypted password when secure.passwords=true
Thus making the edit user capability unusable unless the purpose was to also reset the password.
I've been throwing around something simple, such as:
services.JetspeedSecurity.secure.passwords.allowblank=true|false
UserUpdateAction.doUpdate: Null password is ok, depending on
if secure.passwords=true {
if (password != null) {
forcePassword(user,password)
} else {
if secure.passwords.allowblank {
if (unsetpassword) {
forcePassword(user,"")
}
} else {
// Skip, no changes
}
}
}
Modify user-form.vm, add a checkbox next to password (if secure.passwords.allowblank=true) eg, Unset Password
---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org