I got a new install of Roller up an running last night, WITH the password encryption working. Thanks for the help!
- Nelz On 1/16/07, Nelson Carpentier <[EMAIL PROTECTED]> wrote:
I think that the eventual move to a default of "true" is a good idea... In the meantime, maybe those password security settings should be highlighted under Section 8.1's "What properties you should set" heading in the Roller Install Guide. Thanx! (And sorry for being alarmist...) - Nelz On 1/16/07, Dave <[EMAIL PROTECTED]> wrote: > You can turn on password protection by overriding these properties: > > # Password security settings > passwds.encryption.enabled=false > passwds.encryption.algorithm=SHA > > We default it to false to avoid breaking earlier installations that > still use plain text passwords. > > Perhaps it's time to switch to true and document a utility to convert > passwords from unencrypted to encrypted (doc and fix this up: > http://tinyurl.com/yxttur). > > - Dave > > > > On 1/16/07, Nelson Carpentier <[EMAIL PROTECTED]> wrote: > > Hey All... > > > > So, I was lookin' through one of my Roller installs last night, 'cuz I > > was having some trouble... But in the process I was taking a gander > > through the database. > > > > Then, in the immortal words of Keanu Reeves, I said "Whoa!" Was that > > my password I spied, in plain text!?! Say it ain't so!!! > > > > Did I have something mis-configured? I'm not sure, I'd have to check > > my other Roller instance... > > > > Is this by design? If it is, shouldn't we put a caution on the > > "register" page encouraging people to have passwords different than > > what they would normally use in a "high security" situation? (Even if > > that is implicitly understood by tech-advanced people, the explicit > > reminder to the less-techy or less careful wouldn't be wasted...) > > > > If this *is* an oversight, I'll put an entry into JIRA. (I'd also > > suggest we look at putting in some sort of preference for the login > > page to be over HTTPS, then fall to HTTP when HTTPS is not > > available...) I may be able to help work on the issue in the next > > coming weeks as well, but I can guarantee, 'cuz I'm getting ready to > > move... > > > > Thanks all! > > > > - Nelz > > >
