#1 Support crypted/MD5 passwords

Next_minor_Release
open
Karl Dietz
None
5
2012-10-03
2001-10-10
Steffen Dettmer
No

web500gw has the abilitiy to change passwords.
Passwords are stored in plain text always, and by this,
this feature is not usable at all.

It would be nice if support for crypt and MD5 passwords
could be added if possible.

Discussion

  • Karl Dietz
    Karl Dietz
    2001-10-26

    Logged In: YES
    user_id=79369

    This sounds like a nice feature.
    Changing passwords should be fairly easy to implement.
    Cleartext over the web but stored encrypted.
    Pseudo code:
    password was md5?
    y - encrypt md5 before storing
    password was des?
    y - encrypt des before storing
    store as clean text

    For newly added passwords it's a bit more work. The
    problem is, you can't know what encryption is provided...

    At the moment I'm out of time. But this definately is a
    nice feature to have. Maybe you could jump in and help out?

     
  • Logged In: YES
    user_id=22327

    First, I wouldn't recommend cleartext / HTTP. It may be
    possible to use somethink like sslwrap or running web500gw
    in CGI mode via HTTPS from the webserver. At least the last
    should work, ain't?

    Second, I would recommend at least as option to specify the
    algorithm to use on any encryption in the conf file. I would
    like to have MD5 always, no users choice. But well, this is
    a policy thing. Alternativly the HTML Form may get a new
    button or SELECT box.

    Currently I'm short in time, too and cannot estimated the
    needed time. Seems to requires some MD5 lib which needs to
    be added. Well, crypt shouldn't be a problem. If I'll find
    some time I will try it, and will send you a patch - but
    don't rely on that :)

    Thank you.

     
  • Karl Dietz
    Karl Dietz
    2001-10-29

    Logged In: YES
    user_id=79369

    I have looked through the code i got from other users and
    realized, that crypted passwords are somehow supported in
    the local modifications from Queen Mary Univerity. If you
    have the time to look through the code I could put it on
    a website.