| Author |
 Topic  |
|
|
bravo6
Starting Member
USA
18 Posts |
 Posted - 10 August 2003 : 02:37:16
|
Yes it IS a nice feature, but I have a special need (No I am NOT going to say what it is here!     ) and need th PW to be plain text.
The DB is located on a physical drive ELSEWHERE, so I am not too terribly afraid of hackers breaking in and modifying/stealing things.
Besides, If I HAVE anything they want, I need to be making WAY more $s! |
|
|
laser
Advanced Member
Australia
3859 Posts |
Posted - 10 August 2003 : 03:54:43
|
Easiest way is to NOT encrypt the passwords, but if you already have a db ful of encrypted passwords you're going to have to reset eavh one manually AFTER you get rid of the encryption.
What's wrong with having it there ?? .. if you want it for another part of your site, just encrypt that as well. |
 |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 10 August 2003 : 11:40:47
|
You users may not feel the same way though, I certainly feel safer knowing my passwords are encrypted.
Search here you'll find some posts on how to disable SHA256 (not reccomended or supported by us), but as Laser said if you already have encrypted passwords then your going to have to reset every single one of them.
It is far easier to actually just incorporate the SHA file into anything else your doing it's only one call to a function to encrypt the password then compare it against the stored database value. |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
|
bravo6
Starting Member
USA
18 Posts |
Posted - 10 August 2003 : 12:08:49
|
Right now the ONLY user is me.
My site has NOT gone up yet, so resetting the passwords is not a big deal.
So, the suggestion is to not use encryption.
Other than modify the code, HOW do I do that?!?!?!
I had already figured out that I needed to turn it off. I just couldn't find a nice little option in the admin function. I would prefer not to have to re-do the code, if I don't have to.   |
|
|
|
laser
Advanced Member
Australia
3859 Posts |
Posted - 10 August 2003 : 17:11:06
|
You have to re-do the code BUT it is only a simple change to the SHA function (I think !!!). There is no simple admin function because the vast majority want it encrypted.
I don't think you have explained why you must have it turned off.
PS. Hey, when I first learned that in v.3.4 the passwords were encrypted I was shocked ... no more checking what people's passwords were when they forgot. BUT, now they can reset it all themselves and don't even need to contact me. I can't tell what ANY password is, so it's a lot more secure. I have other parts of my site that authenticate against the Snitz membership, and that works fine as well.
|
|
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 11 August 2003 : 02:14:18
|
quote:
HOW do I do that?!?!?!
Search the forums here for SHA256 that should locate the answer as it's been given out a bunch of times. |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
|
bravo6
Starting Member
USA
18 Posts |
Posted - 11 August 2003 : 20:01:57
|
Laser:
You're right. I HAVEN'T told you why. For that fact, I said I wouldn't! 
My reasons are my own...
To all:
Thanks for the tips. |
|
|
| |
Topic |
|
Topic Locked
