openmeetings-dev mailing list archives

From Maxim Solodovnik <solomax...@gmail.com>
Subject Re: Error while import backup
Date Wed, 24 May 2017 09:21:05 GMT
It is all discussible :)

3.0.7 still uses MD5CryptImplementation
<https://github.com/apache/openmeetings/blob/3.0.x/src/util/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
which is not secure at all :(((
We can add back SHA256Implementation
<https://github.com/apache/openmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java>
(available since 3.1.x) for compatibility reasons, but I'm afraid there is
no clean way to perform backup and preserve passwords .....

I thought maybe we can add "Reset All passwords" admin function, but it is
totally insecure :(
Any ideas are appreciated :)

On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <daehn@vcrp.de> wrote:

> Hi,
>
> I think further investigation is not needed. I just didn't see it before...
>
> Is this behavior the final state? Then it will be difficult to update my
> installation (3.0.7). This also should be the problem with any installation
> before 3.3.0. Isn't it?
>
> Greetings Peter
>
> On 24.05.2017 at 11:07, Maxim Solodovnik wrote:
>
>> Hello Peter,
>>
>> these debug messages are OK during import (I can perform further
>> investigation, but I believe this is not an issue)
>>
>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>> Password rules ...
>> You were unable to login after restore from backup since Password Crypt
>> was changed to the SCrypt, which is stronger than SHA512 used before
>>
>>
>>
>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <daehn@vcrp.de> wrote:
>>
>>> I tried to reset the password. I got the following message:
>>>
>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>
>>> Could this be the Problem? I think this shouldn't be like that, because
>>> there wasn't such restriction before.
>>>
>>> Greetings Peter
>>>
>>>
>>>
>>>
>>> On 24.05.2017 at 10:21, Peter Dähn wrote:
>>>
>>>> Hi Maxim,
>>>>
>>>> I wanted to try out html5 video components...
>>>>
>>>> While importing my backup (worked before) I got a lot of these messages
>>>> below.
>>>>
>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>> [GRANTED]
>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>> [DENIED]
>>>>
>>>> I never noticed these ones before. After starting the server, I couldn't
>>>> login with my admin user. "Username/email and/or password are
>>>> incorrect."
>>>>
>>>> Any Ideas?
>>>>
>>>> Greetings Peter
>>>>
>>>>
>>>>
>>>>
>>>>
>>


-- 
WBR
Maxim aka solomax
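
The login failure described in this thread, and one common way to carry old hashes across a change of password hashing algorithm, as an added example that is not part of the original message and not OpenMeetings code. The record format, function names, scrypt cost parameters and the SHA-256 stand-in for the legacy digest are all assumptions made for illustration.

```python
import base64, hashlib, hmac, os

# Constructed record format for this example: "<scheme>$<salt_b64>$<digest_b64>".
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters

def _b64(raw):
    return base64.b64encode(raw).decode()

def hash_scrypt(password, salt=None):
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"scrypt${_b64(salt)}${_b64(digest)}"

def hash_legacy(password):
    # Stand-in for an older fast digest as found in a restored backup.
    return "sha256$$" + _b64(hashlib.sha256(password.encode()).digest())

def check(password, stored, legacy_ok):
    scheme, salt_b64, digest_b64 = stored.split("$")
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    if scheme == "scrypt":
        actual = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    elif scheme == "sha256" and legacy_ok:
        actual = hashlib.sha256(password.encode()).digest()
    else:
        return False  # unknown scheme, or legacy records not accepted
    return hmac.compare_digest(actual, expected)

def login(users, name, password, legacy_ok=True):
    """Return True on success; re-hash a legacy record with scrypt on the way."""
    stored = users.get(name)
    if stored is None or not check(password, stored, legacy_ok):
        return False
    if not stored.startswith("scrypt$"):
        users[name] = hash_scrypt(password)  # plaintext is only available here
    return True

if __name__ == "__main__":
    users = {"admin": hash_legacy("constructed-Passw0rd!")}  # constructed sample
    print(login(users, "admin", "constructed-Passw0rd!", legacy_ok=False))
    print(login(users, "admin", "constructed-Passw0rd!"))
    print(users["admin"].split("$")[0])
```

With `legacy_ok=False` the restored record is rejected even for the correct password, which is the symptom reported above; with it enabled, the record is replaced by an scrypt hash at the first successful login.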
