[Vtigercrm-developers] portal password encryption

Manuel Fernando ptdesigner at gmail.com
Mon Apr 25 14:13:49 GMT 2016


Exactly …

Agree with Alan that posted the best way of doing this.

I didn’t test the recover password process with your Changes but seems ok.

> No dia 25/04/2016, às 14:05, Alan Bell <alan.bell at libertus.co.uk> escreveu:
> 
> 
> 
> On 25/04/16 13:33, Manuel Fernando wrote:
>> And note that some very good merge requests were committed like some weeks ago encryption password but they are not finished or not working.
>> (password is sent as md5 to customer portal and you can only log with hash password even if you change password in customer portal)
>> But my intention here is not get in too much details.
> so that relates to the discussion here
> http://code.vtiger.com/vtiger/vtigercrm/merge_requests/13
> 
> it looks like the current strategy is to use an unsalted MD5 as the hashing function, and to apply an MD5 transform to the passwords in the migration script - which is irreversible and will trash everything if you run the migration script twice for some reason.
> 
> It really isn't ideal and I don't understand why it is being done as the code to do it the "right" way is sat there in the merge request.
> 
> Alan.
> _______________________________________________
> http://www.vtiger.com/




More information about the vtigercrm-developers mailing list