Security Module Users Update Bug

Hi,

Using SC8, after the security module is created with the MD5 option for passwords, when you update any info of a user from the security module, the password is saved in plain text, no more MD5 algorithm is used. You can see the clear password from the database table “users”.

caga

SC should look into it, but meanwhile it’s pretty easy to add the MD5({password}) into the onvalidate event.

Thank you aducom.

I don’t know if there is a variable for the password, but in the update form there is no password field. If this is the case, maybe in the onvalidate event we can read it and write it again with MD5.

No, you can set the password only once, then it’s up to the end-user to change his password. But again, it’s pretty easy to modify the generated applications to your specs. Just edit the form and add the necessary fields.

Hello,

Issue reported to our bugs team.

regards,
Bernhard Bernsmann

At first, you should hide the password fields in update mode (client form). Soon after, check what our friend aducom said.

If the problem still persists, please describe your current problem to me step by step.

Thank you so much.

The problem is real;
here are step-by-step instructions.

Reproduction
Step 1
Generate Security with MD5 settings via Module on SC Main Menu->Options (Remember User and Password)

Step 2
Run sec_Login and log in
Go to the Sec menu and select “Users”; the grid sec_grid_sec_users is shown

Step 3
In this grid select “Edit”; the form sec_form_edit_users opens, but I can’t see the login and pwd fields. OK, no problem!

Step 4
Save it without any changes.

Step 5
Run sec_Login and you can see that you can’t log in, because the password is wrong.

Then look in the table: the password is in cleartext. At the next login of this user, the password is wrong. Logical.

If you want to add a new group, for example, then at the next login: “Access denied”!

And the “workaround” written by aducom doesn’t work either, sorry. Or I misunderstood his way.

He wrote “it’s pretty easy to add the MD5({password}) into the onvalidate event.”

I have done this. I have inserted MD5({password}) in onValidate in the “sec_form_edit_users”?!?

The result:
Parse error: syntax error, unexpected ‘$_SESSION’ (T_VARIABLE) in D:\Programme\NetMake\v8\wwwroot\scriptcase\app\BlueOrganizer\sec_form_edit_users\sec_form_edit_users_apl.php on line 1370

Do you understand what I mean?

I know of, I don’t know, close to 50 basic bugs in SC. Elementary things. If you construct a new car, it is better to drive it first, so you can see whether the basic requirements are up and running. For example, whether you have 4 wheels, lights, signals and all the other basic things.

Another little bug in this security story: if you change the theme, the edit forms for users or Controls don’t change the theme, very ugly.
Now I have a workaround, but when I leave my app running 2 hours without logout, my app loses the involved global variable. Automatic logout?

I hope the problem with MD5 is fixed in the next days; I have my rollout at the end of January.
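
An added example, not part of the thread and not Scriptcase-generated code: one way to write a user update so that saving a form without a password field cannot rewrite the stored hash, and a submitted password always goes through the same MD5 transform the login check uses. The table name “users” is from the thread; the column names, function names, in-memory SQLite database and sample values are assumptions.

```php
<?php
// Added example. Columns (login, pswd, name) and all sample values are constructed.
// md5() mirrors the MD5 option discussed in the thread; PHP's password_hash() and
// password_verify() are the purpose-built functions when the schema can change.

function update_user(PDO $db, string $login, string $name, ?string $newPassword = null): void
{
    $sets = ['name = :name'];
    $args = [':name' => $name, ':login' => $login];

    // Touch the password column only when a new password was actually submitted.
    if ($newPassword !== null && $newPassword !== '') {
        $sets[] = 'pswd = :pswd';
        $args[':pswd'] = md5($newPassword); // same transform check_login() applies
    }

    $sql = 'UPDATE users SET ' . implode(', ', $sets) . ' WHERE login = :login';
    $db->prepare($sql)->execute($args);
}

function check_login(PDO $db, string $login, string $password): bool
{
    $st = $db->prepare('SELECT pswd FROM users WHERE login = :login');
    $st->execute([':login' => $login]);
    $stored = $st->fetchColumn();
    return is_string($stored) && hash_equals($stored, md5($password));
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pswd TEXT, name TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['alice', md5('old-sample-pw'), 'Alice']);

// Edit form saved with no password field: the stored hash must survive.
update_user($db, 'alice', 'Alice B.');
var_dump(check_login($db, 'alice', 'old-sample-pw'));

// Password change: the new value is hashed before it is stored.
update_user($db, 'alice', 'Alice B.', 'new-sample-pw');
var_dump(check_login($db, 'alice', 'new-sample-pw'));
var_dump(check_login($db, 'alice', 'old-sample-pw'));

// The column never holds the submitted text itself.
$stored = $db->query("SELECT pswd FROM users WHERE login = 'alice'")->fetchColumn();
var_dump($stored !== 'new-sample-pw' && preg_match('/^[0-9a-f]{32}$/', $stored) === 1);
```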