[
https://issues.apache.org/jira/browse/USERGRID-1079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Todd Nine closed USERGRID-1079.
-------------------------------
> Add 2 endpoints for password hash migration
> -------------------------------------------
>
> Key: USERGRID-1079
> URL: https://issues.apache.org/jira/browse/USERGRID-1079
> Project: Usergrid
> Issue Type: Story
> Reporter: Todd Nine
> Assignee: Todd Nine
>
> It is currently possible to migrate from a 1.0 installation to a 2.1
> installation via a RESTful client. However, due to the inability to securely
> move password hashes, application user's passwords are not retained. Add
> the following.
> # In the 1.x branch, add the ability to retrieve the password hash. This
> should only be allowed by the superuser.
> # In 2.1-release, add the ability to write the password hash to an
> application user. This should only be allowed by the superuser.
> Note that the reason this is only allowed as a superuser is that we want to
> disable this functionality by default. Any UG installation that is public
> facing should not have superuser enable. This allows us to disable this
> functionality in environments that are publicly available environments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
