Thanks :) On Wed, May 24, 2017 at 5:03 PM, Peter Dähn <[email protected]> wrote:
> ok.. then good luck... > > and best wishes when you are back... ;-) > > > > > Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik: > >> Thanks :) >> >> I'll be on vacation for the next 2 weeks, with rare access to the email >> from my phone, so no rush :) >> >> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <[email protected]> wrote: >> >> ok.. need to think about it... ;-) >>> >>> I will be back in office next week... maybe with "THE IDEA".. or maybe >>> not... ;-) >>> >>> Greetings Peter >>> >>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik: >>> >>> It is all discussible :) >>>> >>>> 3.0.7 still uses MD5CryptImplementation >>>> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/ >>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java> >>>> which >>>> is not secure at all :((( >>>> We can add back SHA256Implementation >>>> <https://github.com/apache/openmeetings/blob/3.1.x/openmeeti >>>> ngs-util/src/main/java/org/apache/openmeetings/util/ >>>> crypt/SHA256Implementation.java> >>>> >>>> ( >>>> available since 3.1.x) for compatibility reasons, but I'm afraid there >>>> is >>>> no clean way to perform backup and preserve passwords ..... >>>> >>>> I thought maybe we can add "Reset All passwords" admin function, but it >>>> is >>>> totally insecure :( >>>> Any ideas are appreciated :) >>>> >>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <[email protected]> wrote: >>>> >>>> Hi, >>>> >>>>> I think further investigation is not needed. I just didn't see it >>>>> before... >>>>> >>>>> Is this behavior the final state? Then it will be difficult to update >>>>> my >>>>> installation (3.0.7). This also should the problem with any >>>>> installation >>>>> before 3.3.0. Isn't it? >>>>> >>>>> Greetings Peter >>>>> >>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik: >>>>> >>>>> Hello Peter, >>>>> >>>>>> these debug messages are OK during import (I can perform further >>>>>> investigation, but I believe this is not an issue) >>>>>> >>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger >>>>>> Password rules ... >>>>>> You were unable to login after restore from backup since Password >>>>>> Crypt >>>>>> was >>>>>> changed to the SCrypt, which is stronger than SHA512 used before >>>>>> >>>>>> >>>>>> >>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <[email protected]> wrote: >>>>>> >>>>>> I tried to reset the password. I got following message: >>>>>> >>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required" >>>>>>> >>>>>>> Could this be the Problem? I think this shouldn't be like that, >>>>>>> because >>>>>>> there wasn't such restriction before. >>>>>>> >>>>>>> Greetings Peter >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn: >>>>>>> >>>>>>> Hi Maxim, >>>>>>> >>>>>>> I wanted to try out html5 video components... >>>>>>>> >>>>>>>> While importing my backup (worked before) I got a lot of these >>>>>>>> messages >>>>>>>> below. >>>>>>>> >>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40 >>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login >>>>>>>> :: >>>>>>>> [GRANTED] >>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40 >>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login >>>>>>>> :: >>>>>>>> [DENIED] >>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40 >>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login >>>>>>>> :: >>>>>>>> [DENIED] >>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40 >>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login >>>>>>>> :: >>>>>>>> [DENIED] >>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40 >>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login >>>>>>>> :: >>>>>>>> [DENIED] >>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40 >>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login >>>>>>>> :: >>>>>>>> [DENIED] >>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40 >>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login >>>>>>>> :: >>>>>>>> [DENIED] >>>>>>>> >>>>>>>> I never noticed these ones before. After starting the server, I >>>>>>>> couldn't >>>>>>>> login with my admin user. "Username/email and/or password are >>>>>>>> incorrect." >>>>>>>> >>>>>>>> Any Ideas? >>>>>>>> >>>>>>>> Greetings Peter >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >> -- WBR Maxim aka solomax
