openmeetings-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maxim Solodovnik <solomax...@gmail.com>
Subject Re: Error while import backup
Date Wed, 24 May 2017 10:04:21 GMT
Thanks :)

On Wed, May 24, 2017 at 5:03 PM, Peter Dähn <daehn@vcrp.de> wrote:

> ok.. then good luck...
>
> and best wishes when you are back... ;-)
>
>
>
>
> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>
>> Thanks :)
>>
>> I'll be on vacation for the next 2 weeks, with rare access to the email
>> from my phone, so no rush :)
>>
>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <daehn@vcrp.de> wrote:
>>
>> ok.. need to think about it... ;-)
>>>
>>> I will be back in office next week... maybe with "THE IDEA".. or maybe
>>> not... ;-)
>>>
>>> Greetings Peter
>>>
>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>
>>> It is all discussible :)
>>>>
>>>> 3.0.7 still uses MD5CryptImplementation
>>>> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>> which
>>>> is not secure at all :(((
>>>> We can add back SHA256Implementation
>>>> <https://github.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>> crypt/SHA256Implementation.java>
>>>>
>>>> (
>>>> available since 3.1.x) for compatibility reasons, but I'm afraid there
>>>> is
>>>> no clean way to perform backup and preserve passwords .....
>>>>
>>>> I thought maybe we can add "Reset All passwords" admin function, but it
>>>> is
>>>> totally insecure :(
>>>> Any ideas are appreciated :)
>>>>
>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <daehn@vcrp.de> wrote:
>>>>
>>>> Hi,
>>>>
>>>>> I think further investigation is not needed. I just didn't see it
>>>>> before...
>>>>>
>>>>> Is this behavior the final state?  Then it will be difficult to update
>>>>> my
>>>>> installation (3.0.7). This also should the problem with any
>>>>> installation
>>>>> before 3.3.0. Isn't it?
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>
>>>>> Hello Peter,
>>>>>
>>>>>> these debug messages are OK during import (I can perform further
>>>>>> investigation, but I believe this is not an issue)
>>>>>>
>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>>>> Password rules ...
>>>>>> You were unable to login after restore from backup since Password
>>>>>> Crypt
>>>>>> was
>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <daehn@vcrp.de>
wrote:
>>>>>>
>>>>>> I tried to reset the password. I got following message:
>>>>>>
>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>>>
>>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>>> because
>>>>>>> there wasn't such restriction before.
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>>
>>>>>>> Hi Maxim,
>>>>>>>
>>>>>>> I wanted to try out html5 video components...
>>>>>>>>
>>>>>>>> While importing my backup (worked before) I got a lot of
these
>>>>>>>> messages
>>>>>>>> below.
>>>>>>>>
>>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login
>>>>>>>> ::
>>>>>>>> [GRANTED]
>>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login
>>>>>>>> ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login
>>>>>>>> ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login
>>>>>>>> ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login
>>>>>>>> ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login
>>>>>>>> ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
Login
>>>>>>>> ::
>>>>>>>> [DENIED]
>>>>>>>>
>>>>>>>> I never noticed these ones before. After starting the server,
I
>>>>>>>> couldn't
>>>>>>>> login with my admin user. "Username/email and/or password
are
>>>>>>>> incorrect."
>>>>>>>>
>>>>>>>> Any Ideas?
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>


-- 
WBR
Maxim aka solomax

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message