openmeetings-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Dähn <da...@vcrp.de>
Subject Re: Error while import backup
Date Wed, 24 May 2017 10:03:23 GMT
ok.. then good luck...

and best wishes when you are back... ;-)



Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
> Thanks :)
>
> I'll be on vacation for the next 2 weeks, with rare access to the email
> from my phone, so no rush :)
>
> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <daehn@vcrp.de> wrote:
>
>> ok.. need to think about it... ;-)
>>
>> I will be back in office next week... maybe with "THE IDEA".. or maybe
>> not... ;-)
>>
>> Greetings Peter
>>
>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>
>>> It is all discussible :)
>>>
>>> 3.0.7 still uses MD5CryptImplementation
>>> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>> which
>>> is not secure at all :(((
>>> We can add back SHA256Implementation
>>> <https://github.com/apache/openmeetings/blob/3.1.x/openmeeti
>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>> crypt/SHA256Implementation.java>
>>>
>>> (
>>> available since 3.1.x) for compatibility reasons, but I'm afraid there is
>>> no clean way to perform backup and preserve passwords .....
>>>
>>> I thought maybe we can add "Reset All passwords" admin function, but it is
>>> totally insecure :(
>>> Any ideas are appreciated :)
>>>
>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <daehn@vcrp.de> wrote:
>>>
>>> Hi,
>>>> I think further investigation is not needed. I just didn't see it
>>>> before...
>>>>
>>>> Is this behavior the final state?  Then it will be difficult to update my
>>>> installation (3.0.7). This also should the problem with any installation
>>>> before 3.3.0. Isn't it?
>>>>
>>>> Greetings Peter
>>>>
>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>
>>>> Hello Peter,
>>>>> these debug messages are OK during import (I can perform further
>>>>> investigation, but I believe this is not an issue)
>>>>>
>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>>> Password rules ...
>>>>> You were unable to login after restore from backup since Password Crypt
>>>>> was
>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>
>>>>>
>>>>>
>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <daehn@vcrp.de> wrote:
>>>>>
>>>>> I tried to reset the password. I got following message:
>>>>>
>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>>
>>>>>> Could this be the Problem? I think this shouldn't be like that, because
>>>>>> there wasn't such restriction before.
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>
>>>>>> Hi Maxim,
>>>>>>
>>>>>>> I wanted to try out html5 video components...
>>>>>>>
>>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>>> messages
>>>>>>> below.
>>>>>>>
>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login ::
>>>>>>> [GRANTED]
>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login ::
>>>>>>> [DENIED]
>>>>>>>
>>>>>>> I never noticed these ones before. After starting the server,
I
>>>>>>> couldn't
>>>>>>> login with my admin user. "Username/email and/or password are
>>>>>>> incorrect."
>>>>>>>
>>>>>>> Any Ideas?
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>

Mime
View raw message