On 3/25/15, Jan Nijtmans <[email protected]> wrote:
> 2015-03-19 9:07 GMT+01:00 Jan Nijtmans <[email protected]>:
>
> Even though I like this approach there is a problem: In the "user" table,
> the password is not saved as-is, but it takes the form of a hash which
> is constructed taking the "project-code" into account. So, as soon as
> the project-id of an existing project is changed, all current passwords
> stop working: no-one can log-in any more!

Passwords can also be stored as plain-text in the USER.PW field. They do not have to be hashed. The login mechanism tried both the hash and a direct comparison.

>
> See:
> <http://fossil-scm.org/index.html/artifact/475f5dc5fd546d3e?ln=367-382>
>
> If the project-code is not set, the password is stored unhashed, so that's
> the way out as I currently see it.
>
> Hacking continues ......
>
> Regards,
> Jan Nijtmans
> _______________________________________________
> fossil-dev mailing list
> [email protected]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
>

--
D. Richard Hipp
[email protected]
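The behaviour discussed in this thread, as an added sketch that is not part of either message and is not Fossil's own code: a hash bound to the project-code stops matching once the project-code changes, while a plain-text USER.PW row still matches through the direct comparison. The hash layout (SHA1 over `project-code/login/password`), the function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def shared_secret(password, login, project_code):
    """Stored form of a password under the assumed layout.

    With no project-code set, the password is kept unhashed,
    as described in the quoted message.
    """
    if project_code is None:
        return password
    data = f"{project_code}/{login}/{password}".encode()
    return hashlib.sha1(data).hexdigest()


def check_login(stored_pw, typed_pw, login, project_code):
    """Accept if USER.PW equals the project-bound hash or the typed text."""
    candidate = shared_secret(typed_pw, login, project_code)
    # Constant-time comparisons; both forms are tried, per the reply above.
    hash_ok = hmac.compare_digest(stored_pw.encode(), candidate.encode())
    plain_ok = hmac.compare_digest(stored_pw.encode(), typed_pw.encode())
    return hash_ok or plain_ok


def demo():
    # Constructed sample values, not real project codes or credentials.
    old_code = "constructed-old-project-code"
    new_code = "constructed-new-project-code"
    hashed_row = shared_secret("s3cret", "alice", old_code)
    plain_row = "s3cret"
    return {
        "hashed_before_change": check_login(hashed_row, "s3cret", "alice", old_code),
        "hashed_after_change": check_login(hashed_row, "s3cret", "alice", new_code),
        "plain_after_change": check_login(plain_row, "s3cret", "alice", new_code),
        "wrong_password": check_login(hashed_row, "guess", "alice", old_code),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A plain-text USER.PW row survives the change because it never depended on the project-code, which also means it is readable by anyone with access to the repository database.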
