[Vtigercrm-developers] Vtiger Security - Reset passwords for php5.3
David V.
davidv.net at gmail.com
Mon Oct 11 09:45:37 PDT 2010
Hi all!
Thanks again to all Vtiger's devs for this great Vtiger 5.2 edition!
I still have a question:
Is it just me, or is it nearly impossible to find any documentation on the
major password change in Vtiger 5.2 for PHP 5.3?
We have migrated Vtiger 5.1 to Vtiger 5.2 on a LAMP with PHP 5.2. Everything
was fine and perfectly usable.
Then we changed to PHP 5.3 and realized that for some users the system was
asking to reset passwords.
The strange thing is that I can still connect to the CRM, as well as several
others. We found out that the ones having admin privileges can still connect
without any problem.
If this password change is for improvement, why does it only improve other
users and not admins?
If it also works for admins without bothering them, why does it bother the
other users?
When looking at the ResetPassword.php file, it seems that it will reset all
the passwords to the user name. Once again, is it only me, or are there others
who think this is a big security problem (even if it is temporary)? Once he
knows the user name of someone, anyone can connect using that person's
access.
Here is a link to the file ResetPassword.php:
http://trac.vtiger.com/cgi-bin/trac.cgi/browser/vtigercrm/branches/5.2.0/modules/Migration/ResetPassword.phpfile
Where can we find documentation about the WHYs and HOWs of this change?
Thank you very much in advance.
David V.