You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by William Wong <ke...@verizon.net> on 2001/12/19 23:18:44 UTC

SHA not used when updating user object

There is a bug where changing of user properties by 'admin' or
the current user does not encrypt the password when SHA is set to
true.

The following stmt in UserUpdateAction.java does not seem to
update according to the SHA algorithm when set to true:

rundata.getParamaters().setProperties(user);

I can't seem to find where exactly the SHA algorithm is used.
Although Turbine only sets it correctly when the
TurbineSecurity.encryptPassword() is called in the
DBUserManager.changePassword() but this method is never called.

Only new a/c created use the SHA properly.

Any clues ? Thanks.

-william


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>