On Sun, Jul 18, 2010 at 9:55 AM, DrunkenMonk <jona...@gmail.com> wrote:
> If you want backwards compatibility, you could store a data variable > together with the password describing the type of encryption used, and > assume the current encryption if the data variable is not found. > > That way, you could keep the encryption type in site.config, but ask > users to change or re-set passwords using the old encryption at login. > > If you're worried about plaintext passwords, then perhaps a script to > go through the logins and check the length of the passwords stored > could be a solution. I believe most encryption algorythms give fixed > length results, which are longer than the maximum length of the > password, so this check should get them all. > > Does boltwire keep track of which version it was last used with? If so > it would be simple to automate such scripts rather than, as it was > last I used one, requiring the user to dl extra files and execute them > himself. > > Finally, requiring a small number of users to reset their passwords > shouldn't be a massive problem. Doesn't the "lost password" function > work fairly well? Lost password function? Must be new. I had to write my own with a user management package to provide support for managing users which is used with a number of other packages (outside of the wiki). -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to boltw...@googlegroups.com. To unsubscribe from this group, send email to boltwire+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
