ok.. need to think about it... ;-)
I will be back in office next week... maybe with "THE IDEA".. or maybe
not... ;-)
Greetings Peter
Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
It is all discussible :)
3.0.7 still uses MD5CryptImplementation
<https://github.com/apache/openmeetings/blob/3.0.x/src/util/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
which
is not secure at all :(((
We can add back SHA256Implementation
<https://github.com/apache/openmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java>
(
available since 3.1.x) for compatibility reasons, but I'm afraid there is
no clean way to perform backup and preserve passwords .....
I thought maybe we can add "Reset All passwords" admin function, but it is
totally insecure :(
Any ideas are appreciated :)
On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <[email protected]> wrote:
Hi,
I think further investigation is not needed. I just didn't see it before...
Is this behavior the final state? Then it will be difficult to update my
installation (3.0.7). This also should the problem with any installation
before 3.3.0. Isn't it?
Greetings Peter
Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
Hello Peter,
these debug messages are OK during import (I can perform further
investigation, but I believe this is not an issue)
Current 4.0.0 contains backported code from 3.3.0 which has stronger
Password rules ...
You were unable to login after restore from backup since Password Crypt
was
changed to the SCrypt, which is stronger than SHA512 used before
On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <[email protected]> wrote:
I tried to reset the password. I got following message:
"Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
Could this be the Problem? I think this shouldn't be like that, because
there wasn't such restriction before.
Greetings Peter
Am 24.05.2017 um 10:21 schrieb Peter Dähn:
Hi Maxim,
I wanted to try out html5 video components...
While importing my backup (worked before) I got a lot of these messages
below.
DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
[GRANTED]
DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
[DENIED]
DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
[DENIED]
DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
[DENIED]
DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
[DENIED]
DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
[DENIED]
DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
[DENIED]
I never noticed these ones before. After starting the server, I couldn't
login with my admin user. "Username/email and/or password are
incorrect."
Any Ideas?
Greetings Peter
