Hi all, I have just merged the great work by Jan Stepien which upgrades our sha hashing of passwords to the better BCrypt hashing. This merge has implications for you: * you cannot migrate old to new hashes without knowing your password. Since only the hash is stored, we cannot automatically migrate your password * tracks is able to distinguish old hashed passwords from new hashed passwords. The new hash is longer (therefore you need to migrate your database to support longer hashes) * when you log in using your old password, you will be redirected to a form requesting a new password (your old password should then be accepted too). This will regenerate your password-hash with the new hashing method. * this is one way: if you want to downgrade, Tracks will reset all passwords to 'secret' so you remain able to log in (migration.down)
So please make backups before upgrading to latest master, don't forget to migrate and keep the above in mind. For the long run I'm thinking of integrating Devise and/or MultiAuth, but that will be a non-trivial change :-) Thanks Jan! Reinier _______________________________________________ Tracks-discuss mailing list [email protected] http://lists.rousette.org.uk/mailman/listinfo/tracks-discuss
