Ticket #14 (defect)
Opened 2 years ago
Last modified 2 years ago
Password seed update synchronization issue
Status: closed (fixed)
| Reported by: | merliin | Assigned to: | brieb |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.62 |
| Component: | phpbms | Version: | 0.61 |
| Keywords: | helpNeeded | Cc: | phpbms@prodevstudio.net |
Changing the password seed does not update existing passwords. However, this results in locking out the administrator account.
You might wish to make the current administrator password part of the input so you can update the one password that really matters. Or you could provide a shell/php script that allows you to reset the password from the command line for the end users that have zero SQL knowledge.
Change History
10/11/06 10:23:14: Modified by brieb
- status changed from new to assigned.
- milestone changed from unknown to 0.62.
10/11/06 13:35:04: Modified by brieb
10/11/06 13:40:43: Modified by brieb
- description changed.
10/11/06 13:43:41: Modified by brieb
merliin,
I changed the text of the ticket. By keeping the ticket text limited to the initial bug reporting and potential fix ideas (removing salutations, signatures and other comments) both the development and users can look up the bug easier. If you have additional comments to the ticket, try to submit them in the comments section in the ticket.
BTW, welcome to the new phpbms.org, and thank you for submitting a warranted fix.
10/12/06 10:15:35: Modified by brieb
- keywords changed from password seed to review.
10/12/06 13:28:32: Modified by brieb
- keywords changed from review to helpNeeded.
10/13/06 12:09:33: Modified by brieb
- status changed from assigned to closed.
- resolution set to fixed.
03/04/07 08:24:10: Modified by ProDevStudio <phpbms@prodevstudio.net>
- cc set to phpbms@prodevstudio.net.
Agreed. The encryption seed thing started as something you set before installing, but once it was taken out of the install process, the only place to put it was in the admin settings, and it never really was flushed out very well. What I think would be a good idea is that when you update the encryption seed, you should have to enter your admin password, and it will reencrypt this password when the seed is changed.
The problem is that this will make useless everyone's password, excluding the current admin, but including other admins. Maybe another discussion... should admins be able to replace or change other admins? Should there be an uber-admin that is usually disabled, but is enabled in the beginning, and re-enabled when the seed is changed?
Thoughts and discussion?
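The seed change proposed in this ticket, sketched as an added example that is not phpBMS code or part of the original thread: the acting administrator's current password is verified under the old seed before anything changes, only that account is re-derived under the new seed, and every other account is flagged for a reset. The function names, the user array layout and the use of HMAC-SHA256 as the seeded derivation are assumptions; the ticket does not say how phpBMS derives stored passwords from the seed.

```php
<?php
// Added example with hypothetical names; not phpBMS code.
// Assumption: stored value = HMAC-SHA256(password, seed). A keyed hash is used
// only to mirror the seed dependency; new code should use password_hash().
function seeded_hash(string $password, string $seed): string {
    return hash_hmac('sha256', $password, $seed);
}

// Returns the updated user table, or throws and leaves the caller's data as-is.
function rotate_seed(array $users, string $oldSeed, string $newSeed,
                     string $adminLogin, string $adminPassword): array {
    if (empty($users[$adminLogin]['admin'])) {
        throw new RuntimeException('not an administrator');
    }
    // Prove knowledge of the current password under the OLD seed first.
    $current = seeded_hash($adminPassword, $oldSeed);
    if (!hash_equals($users[$adminLogin]['hash'], $current)) {
        throw new RuntimeException('current password incorrect; seed unchanged');
    }
    foreach ($users as $login => &$u) {
        if ($login === $adminLogin) {
            // The one password we know in plaintext right now: re-derive it.
            $u['hash'] = seeded_hash($adminPassword, $newSeed);
            $u['must_reset'] = false;
        } else {
            // Old values can never verify under the new seed, other admins included.
            $u['hash'] = null;
            $u['must_reset'] = true;
        }
    }
    unset($u);
    return $users;
}

// Constructed sample data.
$old = 'old-seed-value';
$new = 'new-seed-value';
$users = [
    'admin' => ['admin' => true,  'hash' => seeded_hash('s3cret', $old), 'must_reset' => false],
    'bob'   => ['admin' => true,  'hash' => seeded_hash('hunter2', $old), 'must_reset' => false],
    'carol' => ['admin' => false, 'hash' => seeded_hash('letmein', $old), 'must_reset' => false],
];

try {
    rotate_seed($users, $old, $new, 'admin', 'wrong-guess');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
$users = rotate_seed($users, $old, $new, 'admin', 's3cret');
foreach ($users as $login => $u) {
    echo $login, ': ', $u['must_reset'] ? 'must reset' : 'can log in', PHP_EOL;
}
```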