Hi Christian,

Yes the password formats need more testing and some documentation before the release and possibly some feature to assist in changing from one format to another.

That MySQL issue is a bug in the table script, need to change that column from varchar(50) to varchar(128). That is also the reason you can't login with the created user, fix the column and create a user and it should work. May also need to check the dbPortal methods for user create and update methods as the params may also be defined as varchar(50). I'll look into fixing these issues tonight and commit to svn.

If you login with site site configured as cleartext then change it to one of the others, you need to update your password before you log out so it gets converted.

I agree we need to code it so it adapts existing users when changed with the following use cases:

Cleartext change to encrypted - encrypt plain passwords for exisitng
Cleartext change to hashed - hash passwords for exisiting users
Encrypted changed to cleartext - decrypt passwords
Encrypted change to hashed - decrypt then hash passwords
Hashed to cleartext - replace password with random password
Hashed to encrypted - replace passwords with random passwords then encrypt them

obviously the change form hashed to anything else is the most problematic since users passwords will all be reset.

None of the above is done yet but this is what I think we need to do before the 2.1 release

Cheers,

Joe

Also, I think I fixed the bug about hashed being stored as clear text.

Hashed is encrypted with one way encryption which cannot be reversed. To login the password entered is hashed and then compared to the hashed version, if it matches the login is ok. Encrypted is handled the same way for login but passwords can be recovered if forgotten because the encryption is 2 way and can be decrypted.

I will add some documentation for this in the Site Administration section soon.

Cheers,

Joe