On 3/25/15, Jan Nijtmans <jan.nijtm...@gmail.com> wrote:
> 2015-03-19 9:07 GMT+01:00 Jan Nijtmans <jan.nijtm...@gmail.com>:
>
> Even though I like this approach there is a problem: In the "user" table,
> the password is not saved as-is, but it takes the form of a hash which
> is constructed taking the "project-code" into account. So, as soon as
> the project-id of an existing project is changed, all current passwords
> stop working: no-one can log-in any more!

Passwords can also be stored as plain-text in the USER.PW field.  They
do not have to be hashed.  The login mechanism tried both the hash and
a direct comparison.


>
> See:
>     <http://fossil-scm.org/index.html/artifact/475f5dc5fd546d3e?ln=367-382>
>
> If the project-code is not set, the password is stored unhashed, so that's
> the way out as I currently see it.
>
> Hacking continues ......
>
> Regards,
>      Jan Nijtmans
> _______________________________________________
> fossil-dev mailing list
> fossil-dev@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
>


-- 
D. Richard Hipp
d...@sqlite.org
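
A small Python model of the behaviour discussed in this thread, added here as an illustration and not taken from Fossil's source: a USER.PW value hashed with the project-code stops matching once the code changes, while a plain-text value still passes the direct comparison. The hash input layout (SHA1 over "project-code/login/password"), the function names, the 40-hex-digit heuristic and the sample users are assumptions.

```python
import hashlib
import hmac
import re

def shared_secret(password, login, project_code):
    """Value kept in USER.PW. Assumed layout: SHA1("project-code/login/password")."""
    if not project_code:              # no project-code set: stored unhashed
        return password
    data = f"{project_code}/{login}/{password}".encode()
    return hashlib.sha1(data).hexdigest()

def check_login(stored_pw, login, typed_pw, project_code):
    """Accept when USER.PW equals the hash or the typed password itself."""
    hashed = shared_secret(typed_pw, login, project_code)
    by_hash = hmac.compare_digest(stored_pw.encode(), hashed.encode())
    by_plain = hmac.compare_digest(stored_pw.encode(), typed_pw.encode())
    return by_hash or by_plain

def rows_broken_by_new_code(user_rows):
    """Logins whose USER.PW looks like a SHA1 hex digest (heuristic, assumed):
    these are the accounts that stop working when the project-code changes."""
    return sorted(login for login, pw in user_rows.items()
                  if re.fullmatch(r"[0-9a-f]{40}", pw))

# Constructed sample data: placeholder project codes and two users.
OLD_CODE = "a" * 40
NEW_CODE = "b" * 40
USERS = {
    "alice": shared_secret("wonderland", "alice", OLD_CODE),  # hashed row
    "bob": "builder",                                         # plain-text row
}

def demo():
    return {
        "alice_old": check_login(USERS["alice"], "alice", "wonderland", OLD_CODE),
        "alice_new": check_login(USERS["alice"], "alice", "wonderland", NEW_CODE),
        "bob_new": check_login(USERS["bob"], "bob", "builder", NEW_CODE),
        "at_risk": rows_broken_by_new_code(USERS),
    }

if __name__ == "__main__":
    print(demo())
```

Running `rows_broken_by_new_code` over the user table before changing the project-code lists the accounts whose passwords would need to be reset or re-entered afterwards.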