From: TJ S. <tj...@ca...> - 2012-07-13 00:06:57
|
> I only have password hashes in the database, to re-encrypt them with a > different algorithm I need the cleartext password. Thus, either all > users would have to re-enter it on a website or I tap them when they log > in. Hmm. I see the problem. The proftpd modules I've written go out of their way to ensure that they never log the password, they avoid handling the password whenever possible, and if they do handle the password, it's for as little time as possible. This means that for your particular use case, there is no existing proftpd module which would help. Such a module would need to be developed. Are there others out there who would also benefit from such a module, i.e. one that could possibly interact with mod_sql_passwd in order to help migrate password hashing schemes in SQL tables? If so, I'd be willing to work on such a thing... TJ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Everywhere one seeks to produce meaning, to make the world signify, to render it visible. We are not, however, in danger of lacking meaning; quite the contrary, we are gorged with meaning and it is killing us. -Jean Baudrillard ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |