Hi Matt,

mraible wrote:
>
> In 2.0.1, password encryption logic moved into the service layer.
>
> http://issues.appfuse.org/browse/APF-666
>
> Click on the FishEye link to see the changes committed to SVN.
>
> Maybe that has something to do with your issue? In prior versions, the
> logic depended on an "encryptPassword" hidden field being created (by
> JavaScript).
>
> On 2/10/08, Rob Hills [EMAIL PROTECTED] wrote:
>> My app is based on Appfuse 2.0 (manually upgraded to 2.01) and Struts.
>>
>> I modified the core classes to add a "Company" attribute to the User
>> object.
>
> Summary: When editing a user, the password is being saved to the DB in
> plain text.
>

In your UserDaoHibernate class, you have a getUserPassword method which I notice manages to get the user's existing password from the DB without triggering Hibernate to persist any edited user details.

I also note that your UserDao class covers this method with the following annotations:

    @Transactional(propagation = Propagation.NOT_SUPPORTED)

Is it this annotation that prevents the getUserPassword method from triggering Hibernate to persist any unsaved edits to the User object, or is it the fact that your query is simply returning a String (rather than a User object)?

TIA,

Rob Hills
Waikiki, Western Australia

--
View this message in context: http://www.nabble.com/Appfuse-2.01-%2B-Struts-%2B-modified-core-classes--%3E-password-confusion-tp15397967s2369p15425408.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
