Posted to dev@ofbiz.apache.org by "Sascha Rodekamp (JIRA)" <ji...@apache.org> on 2010/07/01 12:11:52 UTC
[jira] Created: (OFBIZ-3842) Security Update for forgotten passwords
Security Update for forgotten passwords
---------------------------------------
Key: OFBIZ-3842
URL: https://issues.apache.org/jira/browse/OFBIZ-3842
Project: OFBiz
Issue Type: Improvement
Components: ALL COMPONENTS
Affects Versions: SVN trunk
Reporter: Sascha Rodekamp
Fix For: SVN trunk
Attachments: OFBIZ-3842_security.patch
Hi everybody,
here is a patch that generates a random password when the "require new password" function is called. In the current trunk it's a kind of hard-coded password that will be sent to the user. After generating a new pass, the "requireNewPassword" flag will be set to true (configurable).
Have a good day
Sascha
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
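The behaviour described in the message above (a random temporary password instead of a fixed one, plus a configurable force-change flag), as an added Java example that is not the attached patch and not OFBiz code. The `UserLogin` class, the method names, the 16-character length and the alphabet are assumptions made for illustration.

```java
import java.security.SecureRandom;

public class ForgotPasswordReset {
    // Assumed alphabet: look-alike characters (0/O, 1/l/I) are left out because
    // the user reads the value from an e-mail and types it in by hand.
    private static final char[] ALPHABET =
            "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789".toCharArray();
    // SecureRandom, not java.util.Random: the value must not be predictable
    // from earlier outputs or from the time of the request.
    private static final SecureRandom RNG = new SecureRandom();

    /** Hypothetical stand-in for a user login record. */
    static final class UserLogin {
        final String userLoginId;
        char[] currentPassword;        // a real system stores a salted hash instead
        boolean requirePasswordChange;
        UserLogin(String userLoginId) { this.userLoginId = userLoginId; }
    }

    /** Draws each character independently and uniformly from ALPHABET. */
    static char[] randomPassword(int length) {
        if (length < 12) {             // assumed lower bound for this example
            throw new IllegalArgumentException("temporary password too short");
        }
        char[] out = new char[length];
        for (int i = 0; i < length; i++) {
            out[i] = ALPHABET[RNG.nextInt(ALPHABET.length)]; // nextInt(bound) has no modulo bias
        }
        return out;
    }

    /** Replaces the password and sets the force-change flag as configured. */
    static char[] resetForgottenPassword(UserLogin login, boolean requireChange) {
        char[] temp = randomPassword(16);
        login.currentPassword = temp.clone();
        login.requirePasswordChange = requireChange;
        return temp;                   // caller sends it once, then wipes the array
    }

    public static void main(String[] args) {
        // Constructed sample accounts; two resets must not yield the same value.
        UserLogin a = new UserLogin("demo-user-a");
        UserLogin b = new UserLogin("demo-user-b");
        char[] pa = resetForgottenPassword(a, true);
        char[] pb = resetForgottenPassword(b, true);
        System.out.println("length=" + pa.length
                + " forceChange=" + a.requirePasswordChange
                + " distinct=" + !java.util.Arrays.equals(pa, pb));
    }
}
```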
[jira] Updated: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Sascha Rodekamp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sascha Rodekamp updated OFBIZ-3842:
-----------------------------------
Attachment: OFBIZ-3842_security.patch
[jira] Updated: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Sascha Rodekamp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sascha Rodekamp updated OFBIZ-3842:
-----------------------------------
Attachment: OFBIZ-3842_security.patch
update against the latest trunk
[jira] Updated: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Sascha Rodekamp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sascha Rodekamp updated OFBIZ-3842:
-----------------------------------
Attachment: OFBIZ-3842_security.patch
Hi Erwan,
I think I removed the hint because the fact that it is auto-generated is not obvious, but if you like to keep it, I created an update for the patch where the password hint is set as before.
Have a good day and thanks for the comment.
Sascha
[jira] Commented: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12904553#action_12904553 ]
Erwan de FERRIERES commented on OFBIZ-3842:
-------------------------------------------
Hi Sascha,
why are you removing the hint on the newly generated password?
Cheers,
[jira] Commented: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Sascha Rodekamp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12886636#action_12886636 ]
Sascha Rodekamp commented on OFBIZ-3842:
----------------------------------------
Hey,
did nobody have a comment on this patch? I find it quite useful :-)
Cheers
Sascha
[jira] Commented: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Sascha Rodekamp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12904565#action_12904565 ]
Sascha Rodekamp commented on OFBIZ-3842:
----------------------------------------
Maybe an additional comment: the fact that the pw hint refers to an auto-generated pw makes it easier for people who know OFBiz to get unauthorized access to the system.
[jira] Updated: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Erwan de FERRIERES (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erwan de FERRIERES updated OFBIZ-3842:
--------------------------------------
Assignee: Erwan de FERRIERES
[jira] Commented: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Sascha Rodekamp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12922501#action_12922501 ]
Sascha Rodekamp commented on OFBIZ-3842:
----------------------------------------
Anything new here?
[jira] Commented: (OFBIZ-3842) Security Update for forgotten passwords
Posted by "Jacques Le Roux (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-3842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12928182#action_12928182 ]
Jacques Le Roux commented on OFBIZ-3842:
----------------------------------------
This looks good to me, though I'm not sure we want requirePasswordChange=true by default. It should be discussed on dev ML IMO, minor detail anyway.