> Op Di, 2009-03-31 om 00:49 +0100 skryf Flávio Martins: >> Hi, >> >> I believe this patch might help with the MD5/SHA1 migration "issue" of >> user passwords. >> It adds a auth backend for the user.prefs file, the result is that the >> first time a user >> authenticates with Pootle the password matched is used to insert the new >> user. >> >> Please test. This was hacked up in 2 minutes. Also feel free to adjust >> the wording. >> >> Flávio Martins > > Hallo Flávio > > Thank you for the contribution. I haven't really worked much with the > new authentication things, so I can't really review this code > immediately. I am however aware of a bug tracking the creation of an > importer to be able to migrate Pootle 1.2 installations to Pootle 1.3: > > http://bugs.locamotion.org/show_bug.cgi?id=632 > > Would you mind looking into that to see if your work can possibly help > there? My guess is that we rather want to migrate than directly support > the old prefs backend, but I'd like to hear what you think. > > Thank you again > > Keep well > Friedel >
I've had an idea surrounding this and the other requirements posted here. One other approach that would possibly provide long-term flexibility to pootle admin is to support multiple password security mechanisms. Adding a type field to the DB paired with the stored passwd which determines what hash/encrypt the auth stores things as. The auth mechanism would check the existing storage type and either use it or do the submitted update algorithm. Pros: * allows pootle to support more than one security hash * allows admin to select the security method they prefer. * allows seamless migration between security methods. * Pootle 1.2 can be imported as MD5 hash type in one go and the old file dropped. AYJ ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Translate-pootle mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/translate-pootle
