Re: chicken and egg problem with enabling secure passwords

Wed, 09 Oct 2002 12:17:30 -0700 

Doesn't look like that works for me... I'm not sure the mysql hashing 
algorithm matches that of TurbineSecurity, either, so I don't think I can 
use the mysql password() function to create the password in my TURBINE_USER 
table.

Is the solution to perhaps write a dummy script that uses 
TurbineSecurity.encryptPassword() to generate a string for that I manually 
update in mysql/TURBINE_USER?

Derek

At 12:15 PM 10/9/2002, you wrote:

>You can change your password manually in the database with the encrypted 
>one. For example, in mysql, the password "test" sand for 
>"qUqP5cyxm6YcTAhz05Hph5gvu9M=", at least for me :). This is the value I 
>use to initialize my database with default sql scripts. From there, go 
>back into your turbine app, change the property 
>"services.SecurityService.secure.passwords" to the value "true", restart 
>and login with the password "test".
>Another solution will be to make a sql statement to update your account 
>with the new password. It is db specific but, for mysql, the function is 
>"password('test')".
>
>David Worms
>
>On Wednesday, October 9, 2002, at 11:36 AM, Derek Stevenson wrote:
>
>>I'd like to enable the secure passwords feature of turbine by setting the 
>>following in my TurbineResources.properties:
>>
>>services.SecurityService.secure.passwords=true
>>
>>However, when I enable this, none of the existing accounts' passwords 
>>will work as the value stored in the database won't match the hashed 
>>result of the user's entered password.  So, I thought if I could at least 
>>get my admin account to have a secure password, I could log in with that 
>>and set the hashed password in the database for new users by creating new 
>>accounts.  The question is, how do I set the hashed password in the 
>>database for the admin user if I can't actually log in with the admin account?
>>
>>Using TDK 2.1, mysql.
>>
>>Thanks,
>>Derek
>>
>>
>>--
>>To unsubscribe, e-mail:
>><mailto:[EMAIL PROTECTED]>
>>For additional commands, e-mail: 
>><mailto:[EMAIL PROTECTED]>
>
>
>--
>To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to