Radicore Forum: Bug Reports » login fails after upgrade to ver 1.42

Home » RADICORE development » Bug Reports » login fails after upgrade to ver 1.42 (if passwords stored as plain text (workround details outlined))

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Sun, 28 December 2008 16:25

David Lee
Messages: 44
Registered: June 2006

Member

I upgraded a system that stored passwords as plain text Sad

, including updating the menu database and table. After this, I could not log in.

I think that the update to the menu database reset the password storage to encrypted. I have solved my problem by

Edit the config.inc file to output all sql queries
Try logging in as a user - this fails
extract the encrypted password from the saved sql query
replace the plain text password in the menu database with the encrypted password, using, in my case phpmyadmin

This needs repeating for all users with plain text passwords

Generally, the best option is do not use plain text passwords. As this is a one-time problem, I expect to use the work round rather than have a patch issued.

However, does my workround expose a security weakness if logging of sql queries are enabled?

Report message to a moderator

[Message index]

		login fails after upgrade to ver 1.42 By: David Lee on Sun, 28 December 2008 16:25
		Re: login fails after upgrade to ver 1.42 By: AJM on Mon, 29 December 2008 06:22
		Re: login fails after upgrade to ver 1.42 By: David Lee on Mon, 29 December 2008 15:56
		Re: login fails after upgrade to ver 1.42 By: AJM on Tue, 30 December 2008 05:08

Previous Topic:	Problem extending sql_from
Next Topic:	Problem in implementing FAQ 81

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue May 28 23:27:26 EDT 2024

Total time taken to generate the page: 0.00946 seconds