You can turn on password protection by overriding these properties:

# Password security settings
passwds.encryption.enabled=false
passwds.encryption.algorithm=SHA

We default it to false to avoid breaking earlier installations that still use plain text passwords. Perhaps it's time to switch to true and document a utility to convert passwords from unencrypted to encrypted (doc and fix this up: http://tinyurl.com/yxttur).

- Dave

On 1/16/07, Nelson Carpentier <[EMAIL PROTECTED]> wrote:
Hey All...

So, I was lookin' through one of my Roller installs last night, 'cuz I was having some trouble... But in the process I was taking a gander through the database. Then, in the immortal words of Keanu Reeves, I said "Whoa!" Was that my password I spied, in plain text!?! Say it ain't so!!!

Did I have something mis-configured? I'm not sure, I'd have to check my other Roller instance...

Is this by design? If it is, shouldn't we put a caution on the "register" page encouraging people to have passwords different than what they would normally use in a "high security" situation? (Even if that is implicitly understood by tech-advanced people, the explicit reminder to the less-techy or less careful wouldn't be wasted...)

If this *is* an oversight, I'll put an entry into JIRA. (I'd also suggest we look at putting in some sort of preference for the login page to be over HTTPS, then fall to HTTP when HTTPS is not available...)

I may be able to help work on the issue in the next coming weeks as well, but I can guarantee, 'cuz I'm getting ready to move...

Thanks all!

- Nelz
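
A sketch of the one-time conversion discussed in this thread, added here as an illustration and not taken from Roller's code base. It assumes the stored form is the lowercase hex digest of the UTF-8 password under the algorithm named in passwds.encryption.algorithm; the class name, method names and sample users are hypothetical, and an in-memory map stands in for the user table.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

public class PasswordMigration {
    // Digest the password and hex-encode it (hex storage format is an assumption).
    static String encode(String password, String algorithm) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Heuristic so a second run does not hash a hash: a value that is exactly one
    // hex digest long is treated as already converted. A plain text password of
    // that exact shape would be skipped, so review such rows by hand.
    static boolean looksEncoded(String stored, String algorithm) throws NoSuchAlgorithmException {
        int hexLength = MessageDigest.getInstance(algorithm).getDigestLength() * 2;
        return stored.length() == hexLength && stored.matches("[0-9a-f]+");
    }

    // Returns username -> stored password with every plain text value converted.
    static Map<String, String> migrate(Map<String, String> users, String algorithm)
            throws NoSuchAlgorithmException {
        Map<String, String> converted = new LinkedHashMap<>();
        for (Map.Entry<String, String> row : users.entrySet()) {
            String stored = row.getValue();
            converted.put(row.getKey(),
                    looksEncoded(stored, algorithm) ? stored : encode(stored, algorithm));
        }
        return converted;
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "SHA"; // value of passwds.encryption.algorithm
        Map<String, String> users = new LinkedHashMap<>(); // constructed sample rows
        users.put("alice", "correct horse");            // still plain text
        users.put("bob", encode("hunter2", algorithm)); // already converted
        Map<String, String> migrated = migrate(users, algorithm);
        migrated.forEach((user, stored) -> System.out.println(user + " " + stored));
        // Running the conversion again must leave every row unchanged.
        if (!migrate(migrated, algorithm).equals(migrated)) {
            throw new IllegalStateException("migration is not idempotent");
        }
    }
}
```

The conversion would run once against the user table before passwds.encryption.enabled is switched to true, so that existing accounts can still log in afterwards.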
