On May 18, 2006, at 2:34 PM, Kevin Dangoor wrote:
> The password is stored hashed in the database. I just tried it on a > new project. I enter the password in cleartext in CatWalk, and when > it's saved it appears as hashed in the database. I forgot to mention that it doesn't happen like that here. I enter the password in cleartext in Catwalk, but when I browse the resulting table, I see it stored in cleartext aswell. This wasn't so before and I wonder what's causing this behavior. > The only thing that seems to make sense is that the hash is different > for some reason. I just double checked that the hash is only computed > based on the password (no other secret keys or anything like that). Considering what I say above, this is no longer a possible case. The passwords are indeed being stored in cleartext, it seems like there's no encrypt/decrypt going on at all, even though the password encryption is set to md5. But apparently it hashes passwords in your setup. What could then be keeping it from happening that way here? > Are you sure you know the correct password? Absolutely. For now, the fix was simply to edit every user's passwords (it's just a dozen test users, no problems with this). But something's definitely fishy. P. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk -~----------~----~----~----~------~----~------~--~---
