DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6862>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6862 Admin resetting password when encryption is turned on Summary: Admin resetting password when encryption is turned on Product: Jetspeed Version: 1.3a3-dev / CVS Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Normal Priority: Other Component: Security AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] If password encryption feature is turned on (services.SecurityService.secure.passwords=true in tr.props) and password is reset by the administrator via user-form.vm, the password is saved in database unencrypted. Need to modify UserUpdateAction to do something like: user.setPassword(TurbineSecurity.encryptPassword(user.getPassword())) Or need to encrypt inside of JetspeedSecurity.saveUser. I'm few months behind on Jetspeed source code so I can' provide a patch right now and it should be a simple one line change (I did verify that current Jetspeed works the same way). If patch is required, I can get one together in few weeks :) -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
