Copy link to issue

summary

passwords hash

Description

integrate develpment from adaxa Australia in idempiere
http://adempiere.hg.sourceforge.net/hgweb/adempiere/contribution_adaxa/rev/6d9090d8a9f6

Environment

None

Activity

Show:

Juliana Corredor T.

July 28, 2012, 4:34 AM

Copy link to comment

for revision

Carlos Ruiz

August 1, 2012, 6:24 AM

Copy link to comment

https://bitbucket.org/idempiere/idempiere/changeset/aa6c509f154d3cfec350ea4cf1803ac7af982bda
_________________________

CREDITS:

Thanks to Adaxa Australia -> http://adempiere.hg.sourceforge.net/hgweb/adempiere/contribution_adaxa/rev/6d9090d8a9f6
Ken Longnan for iDempiere integration work at -> https://bitbucket.org/longnan/idempiere-longnan
Juliana Corredor for further integration and tests on iDempiere and making the process safer and backward compatible via sysconfig
Carlos Ruiz (globalqss) peer reviewed, tested and finished some extra required
Sponsored by Trek Global -> http://www.trekglobal.com/

_________________________

NOTES:

Implementation is backward compatible, by default iDempiere still uses plain passwords.

A new sysconfig system key was created USER_PASSWORD_HASH defaulting to false.
WARNING!!! Don't change this key directly, it must be changed running the process "Convert password to hashes" as System user.

_________________________

Tests conducted (all passed):

Scenarios:

backward compatibility: plain
backward compatibility: encrypted
new functionality: hash
extra security: hash+encrypted
extra security: encrypted+hash

Tests:

swing login
zkwebui login
webstore login
idempiere monitor login

create new user via User window
create new user via webstore
reset password with process
reset password changing on User window
reset password changing on Contact/BP window
reset password via webstore

_________________________

EXTENSIONS NOT TESTED

webservices login
mobile login

Those need to be checked if integrated to iDempiere

_________________________

Regards,

Carlos Ruiz

August 2, 2012, 5:26 AM

Copy link to comment

https://bitbucket.org/idempiere/idempiere/changeset/4d5f162e3c28117e6798f3729958219e4a389de8

found that Remember Me is incompatible with hash password with actual implementation

Anozi Mada

February 19, 2013, 8:57 AM

Copy link to comment

I have tested webservice with password hash enabled and found a bug. Please check

https://bitbucket.org/idempiere/idempiere/pull-request/66/idempiere-347-remove-unneeded/diff

Carlos Ruiz

March 7, 2013, 3:42 AM

Copy link to comment

Thanks Anozi, I implemented a different solution here:
https://bitbucket.org/idempiere/idempiere/commits/15fd910
The method you proposed to change was deprecated and a different solution implemented.

We would appreciate if you help us to test the approach is right.

Regards,

Carlos Ruiz

Fixed

Assignee

Carlos Ruiz

Reporter

Juliana Corredor T.

Labels

Vancouver2012

Tested By

None

Due date

2012/07/23

Priority

Major

Configure

Kanban

passwords hash

Description

Environment

Activity

Assignee

Reporter

Labels

Tested By

Due date

Priority