[Vtigercrm-developers] portal password encryption
Manuel Fernando
ptdesigner at gmail.com
Mon Apr 25 14:13:49 GMT 2016
Exactly …
Agree with Alan that posted the best way of doing this.
I didn’t test the recover password process with your Changes but seems ok.
> No dia 25/04/2016, às 14:05, Alan Bell <alan.bell at libertus.co.uk> escreveu:
>
>
>
> On 25/04/16 13:33, Manuel Fernando wrote:
>> And note that some very good merge requests were committed like some weeks ago encryption password but they are not finished or not working.
>> (password is sent as md5 to customer portal and you can only log with hash password even if you change password in customer portal)
>> But my intention here is not get in too much details.
> so that relates to the discussion here
> http://code.vtiger.com/vtiger/vtigercrm/merge_requests/13
>
> it looks like the current strategy is to use an unsalted MD5 as the hashing function, and to apply an MD5 transform to the passwords in the migration script - which is irreversible and will trash everything if you run the migration script twice for some reason.
>
> It really isn't ideal and I don't understand why it is being done as the code to do it the "right" way is sat there in the merge request.
>
> Alan.
> _______________________________________________
> http://www.vtiger.com/
More information about the vtigercrm-developers
mailing list