Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

HashMethod in Vanilla

UnderDogUnderDog MVP
edited January 2012 in Vanilla 2.0 - 2.8
This discussion was created from comments split from: Migrating to Vanilla2 from other forum(s): user password scrambling?.

There was an error rendering this rich post.

Comments

  • Options

    Re: HashMethod in Vanilla.

    What about the situation where one imports users not from any of the supported forums?

    Supposed one uses MD5 as the HashMethod, would the string 'MD5' (along with the MD5 encrypted password) enable imported Vanilla users to log in with their password?

    If not, please advise how to resolve such issue (importing users from non-forum application).

    If so, what other encryption methods are supported this way?

    When one specifies 'Vanilla' in column HashMethod, what method is actually fired off?

    Thanks

  • Options
    ToddTodd Chief Product Officer Vanilla Staff

    There is a hash method called django based on the Python framework. This post explains it in detail.

  • Options

    Thanks.

    So, suppose MD5 is used (without salt) and the value of the hashed password is {BinaryStuff}.

    Would one then have md5$${BinaryStuff} in Password and 'django' in HashMethod?

    Sorry for being a bit slow on this...

  • Options
    ToddTodd Chief Product Officer Vanilla Staff

    Yup, exactly.

  • Options

    you can set it to reset. They would receive an email, telling them to set their password.

    grep is your friend.

  • Options

    Thanks to both'o'u.

    Another question (or, should i start a new discussion?)

    I am planning to populate users from a 'foreign' web application (not one of the recognized forums) and I now understand a lot better what i need to do in terms of the User and UserRole tables.

    But, what about the UserAuthentication table? Would one need to populate corresponding rows in this table as well for the initial login via ProxyConnect or should it be left alone?

  • Options

    My comment was intended for the other discussion this was split from, but glad it helps.

    grep is your friend.

  • Options

    x00 said:
    you can set it to reset. They would receive an email, telling them to set their password.

    If I did this with my database (running SQL query to change from 'Vanilla' to 'reset' everyone's HashMethod) would this automatically email my members asking them to reset?

    Probably a silly question but just wanted to clarify.

  • Options

    actually it doesn't do that automatically, it will throw an exception, directing them to the reset link.

    I would use this as a last resort.

    grep is your friend.

  • Options

    I tried to see but didn't work so reset them all back to Vanilla, and sent them all the reset link via a maildrop.

    Folk are filtering back onto the website to that's a good thing.

Sign In or Register to comment.