Thanks :) I'll be on vacation for the next 2 weeks, with rare access to the email from my phone, so no rush :)
On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <[email protected]> wrote: > ok.. need to think about it... ;-) > > I will be back in office next week... maybe with "THE IDEA".. or maybe > not... ;-) > > Greetings Peter > > Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik: > >> It is all discussible :) >> >> 3.0.7 still uses MD5CryptImplementation >> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/ >> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java> >> which >> is not secure at all :((( >> We can add back SHA256Implementation >> <https://github.com/apache/openmeetings/blob/3.1.x/openmeeti >> ngs-util/src/main/java/org/apache/openmeetings/util/ >> crypt/SHA256Implementation.java> >> >> ( >> available since 3.1.x) for compatibility reasons, but I'm afraid there is >> no clean way to perform backup and preserve passwords ..... >> >> I thought maybe we can add "Reset All passwords" admin function, but it is >> totally insecure :( >> Any ideas are appreciated :) >> >> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <[email protected]> wrote: >> >> Hi, >>> >>> I think further investigation is not needed. I just didn't see it >>> before... >>> >>> Is this behavior the final state? Then it will be difficult to update my >>> installation (3.0.7). This also should the problem with any installation >>> before 3.3.0. Isn't it? >>> >>> Greetings Peter >>> >>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik: >>> >>> Hello Peter, >>>> >>>> these debug messages are OK during import (I can perform further >>>> investigation, but I believe this is not an issue) >>>> >>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger >>>> Password rules ... >>>> You were unable to login after restore from backup since Password Crypt >>>> was >>>> changed to the SCrypt, which is stronger than SHA512 used before >>>> >>>> >>>> >>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <[email protected]> wrote: >>>> >>>> I tried to reset the password. I got following message: >>>> >>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required" >>>>> >>>>> Could this be the Problem? I think this shouldn't be like that, because >>>>> there wasn't such restriction before. >>>>> >>>>> Greetings Peter >>>>> >>>>> >>>>> >>>>> >>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn: >>>>> >>>>> Hi Maxim, >>>>> >>>>>> I wanted to try out html5 video components... >>>>>> >>>>>> While importing my backup (worked before) I got a lot of these >>>>>> messages >>>>>> below. >>>>>> >>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40 >>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: >>>>>> [GRANTED] >>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40 >>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: >>>>>> [DENIED] >>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40 >>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: >>>>>> [DENIED] >>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40 >>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: >>>>>> [DENIED] >>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40 >>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: >>>>>> [DENIED] >>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40 >>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: >>>>>> [DENIED] >>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40 >>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: >>>>>> [DENIED] >>>>>> >>>>>> I never noticed these ones before. After starting the server, I >>>>>> couldn't >>>>>> login with my admin user. "Username/email and/or password are >>>>>> incorrect." >>>>>> >>>>>> Any Ideas? >>>>>> >>>>>> Greetings Peter >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >> -- WBR Maxim aka solomax
