openmeetings-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Dähn <da...@vcrp.de>
Subject Re: Error while import backup
Date Wed, 24 May 2017 09:55:46 GMT
ok.. need to think about it... ;-)

I will be back in office next week... maybe with "THE IDEA".. or maybe 
not... ;-)

Greetings Peter

Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
> It is all discussible :)
>
> 3.0.7 still uses MD5CryptImplementation
> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
> which
> is not secure at all :(((
> We can add back SHA256Implementation
> <https://github.com/apache/openmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java>
> (
> available since 3.1.x) for compatibility reasons, but I'm afraid there is
> no clean way to perform backup and preserve passwords .....
>
> I thought maybe we can add "Reset All passwords" admin function, but it is
> totally insecure :(
> Any ideas are appreciated :)
>
> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <daehn@vcrp.de> wrote:
>
>> Hi,
>>
>> I think further investigation is not needed. I just didn't see it before...
>>
>> Is this behavior the final state?  Then it will be difficult to update my
>> installation (3.0.7). This also should the problem with any installation
>> before 3.3.0. Isn't it?
>>
>> Greetings Peter
>>
>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>
>>> Hello Peter,
>>>
>>> these debug messages are OK during import (I can perform further
>>> investigation, but I believe this is not an issue)
>>>
>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>> Password rules ...
>>> You were unable to login after restore from backup since Password Crypt
>>> was
>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>
>>>
>>>
>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <daehn@vcrp.de> wrote:
>>>
>>> I tried to reset the password. I got following message:
>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>
>>>> Could this be the Problem? I think this shouldn't be like that, because
>>>> there wasn't such restriction before.
>>>>
>>>> Greetings Peter
>>>>
>>>>
>>>>
>>>>
>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>
>>>> Hi Maxim,
>>>>> I wanted to try out html5 video components...
>>>>>
>>>>> While importing my backup (worked before) I got a lot of these messages
>>>>> below.
>>>>>
>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>>> [GRANTED]
>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login ::
>>>>> [DENIED]
>>>>>
>>>>> I never noticed these ones before. After starting the server, I couldn't
>>>>> login with my admin user. "Username/email and/or password are
>>>>> incorrect."
>>>>>
>>>>> Any Ideas?
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>

Mime
View raw message