Ok, these patches are now in TracksApp/master. I merged them in the old bsag/tracks-old before...
Reinier > -----Oorspronkelijk bericht----- > Van: Reinier Balt [mailto:[email protected]] > Verzonden: dinsdag 6 september 2011 16:14 > Aan: [email protected] > Onderwerp: change of encryption of passwords > > Hi all, > > I have just merged the great work by Jan Stepien which upgrades our sha > hashing of passwords to the better BCrypt hashing. This merge has > implications for you: > * you cannot migrate old to new hashes without knowing your password. > Since only the hash is stored, we cannot automatically migrate your password > * tracks is able to distinguish old hashed passwords from new hashed > passwords. The new hash is longer (therefore you need to migrate your > database to support longer hashes) > * when you log in using your old password, you will be redirected to a form > requesting a new password (your old password should then be accepted > too). > This will regenerate your password-hash with the new hashing method. > * this is one way: if you want to downgrade, Tracks will reset all passwords to > 'secret' so you remain able to log in (migration.down) > > So please make backups before upgrading to latest master, don't forget to > migrate and keep the above in mind. > > For the long run I'm thinking of integrating Devise and/or MultiAuth, but that > will be a non-trivial change :-) > > Thanks Jan! > > Reinier _______________________________________________ Tracks-discuss mailing list [email protected] http://lists.rousette.org.uk/mailman/listinfo/tracks-discuss
