Posted to jetspeed-dev@portals.apache.org by bu...@apache.org on 2002/03/04 23:17:30 UTC
DO NOT REPLY [Bug 6862] New: - Admin resetting password when encryption is turned on
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6862
Summary: Admin resetting password when encryption is turned on
Product: Jetspeed
Version: 1.3a3-dev / CVS
Platform: PC
OS/Version: Windows NT/2K
Status: NEW
Severity: Normal
Priority: Other
Component: Security
AssignedTo: jetspeed-dev@jakarta.apache.org
ReportedBy: mark_orciuch@ngsltd.com
If the password encryption feature is turned on
(services.SecurityService.secure.passwords=true in tr.props) and the password is
reset by the administrator via user-form.vm, the password is saved in the database
unencrypted. Need to modify UserUpdateAction to do something like:

    user.setPassword(TurbineSecurity.encryptPassword(user.getPassword()));

Or need to encrypt inside of JetspeedSecurity.saveUser.

I'm a few months behind on Jetspeed source code so I can't provide a patch right
now and it should be a simple one line change (I did verify that current
Jetspeed works the same way). If a patch is required, I can get one together in a
few weeks :)
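A self-contained model of the behaviour reported above and of the two fixes the report proposes, added here as an illustration; it is not Jetspeed or Turbine code. The class, the in-memory map, the SHA-256 digest and the digest-comparing login are assumptions standing in for the real services. The last call shows that encrypting inside the save needs a guard against re-encrypting a value that is already stored encrypted.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class AdminResetDemo {
    // Stand-in for services.SecurityService.secure.passwords=true
    static final boolean SECURE_PASSWORDS = true;
    // Stand-in for the user table: login name -> stored password column
    static final Map<String, String> db = new HashMap<>();

    // Hypothetical stand-in for TurbineSecurity.encryptPassword (digest choice is an assumption)
    static String encryptPassword(String clear) throws Exception {
        if (!SECURE_PASSWORDS) return clear;
        byte[] d = MessageDigest.getInstance("SHA-256").digest(clear.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(d);
    }

    // Models a save that persists the password field exactly as it was set
    static void saveUser(String name, String password) { db.put(name, password); }

    // Assumed login check: digest of the submitted password against the stored column
    static boolean login(String name, String clear) throws Exception {
        return encryptPassword(clear).equals(db.get(name));
    }

    // Reported behaviour: the form value goes straight to the save call
    static void adminResetAsReported(String name, String formValue) { saveUser(name, formValue); }

    // First option from the report: encrypt in the action before saving
    static void adminResetEncrypting(String name, String formValue) throws Exception {
        saveUser(name, encryptPassword(formValue));
    }

    // Second option from the report: encrypt inside the save itself
    static void saveUserEncrypting(String name, String password) throws Exception {
        db.put(name, encryptPassword(password));
    }

    public static void main(String[] args) throws Exception {
        adminResetAsReported("alice", "Winter2002"); // constructed sample values
        System.out.println("as reported: stored=" + db.get("alice") + " login=" + login("alice", "Winter2002"));
        adminResetEncrypting("alice", "Winter2002");
        System.out.println("encrypt in action: stored=" + db.get("alice") + " login=" + login("alice", "Winter2002"));
        saveUserEncrypting("alice", db.get("alice")); // unrelated edit re-saves the loaded user
        System.out.println("encrypt in save, then re-save: login=" + login("alice", "Winter2002"));
    }
}
```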