[
https://issues.apache.org/jira/browse/OFBIZ-1406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12543026
]
Scott Gray commented on OFBIZ-1406:
-----------------------------------
Who said I was talking about you? :-P
Anyway, I really am no expert here so I'm not sure about a couple of things:
1. OSCommerce is but one system people might migrate from, do we want code for
each of them applied in this manner?
2. If we change the current byte array to hex method, won't that break
existing passwords? Can we make it backwards compatible somehow? Since the
byte to hex conversion is reversible perhaps we could provide a service to
correct the stored password hashes?
Perhaps we should leave things as is and code like Han's could do a conversion
on the hex itself? Perhaps an incorrect hex value is a security feature in
itself?
> make ofbiz recognize OSCommerce generated and imported encrypted passwords
> under Linux
> --------------------------------------------------------------------------------------
>
> Key: OFBIZ-1406
> URL: https://issues.apache.org/jira/browse/OFBIZ-1406
> Project: OFBiz
> Issue Type: New Feature
> Components: party
> Affects Versions: SVN trunk
> Reporter: Hans Bakker
> Priority: Minor
> Fix For: SVN trunk
>
> Attachments: password.diff
>
>
> If company replaces their OSCommerce systems with ofbiz, they would like to
> have the customer records imported including the OSCommerce generated
> encrypted passwords.
> This patch will make ofbiz recognize these passwords and let OSCommerce users
> login to ofbiz successfully This patch is however linux based because it is
> making use of the Linux operating system command 'md5sum' which operates
> exactly the same as the php md5 'C' program.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
