Converting forum from encrypted passwords
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=11140
Printed Date: 09 April 2026 at 1:00am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Converting forum from encrypted passwords
Posted By: fletch1200
Subject: Converting forum from encrypted passwords
Date Posted: 08 July 2004 at 12:38pm
|
Hello, I have an existing forum that uses encrypted passwords that I would like to convert to using unencrypted passwords for integration reasons. I have loaded the unencrypted passwords from an existing DB and set the blnEncryptedPasswords=false in the two common.asp files, but this does not seem sufficient to complete the transition. Is it possible to do this conversion with an existing forum, and if so what am I missing? Thank you for your help! Regards |
Replies:
Posted By: Str8Dog
Date Posted: 09 July 2004 at 10:16am
|
Honestly, no. WWF uses a one way hash function to encrypt passwords. This means that the password the user gives is put throught a mathmatical computation that is irreversible, the result of that computation is then stored in the database.
You will need to notify your users that you are switching and they will need to use the automated password recovery tool to generate a new password. Given enough warning, your users will hopefully not mind. ------------- http://www.str8dog.com/ - [IMG - http://www.str8dog.com/images/str8dog.gif - I wasn't born with enough middle fingers. |
Posted By: fletch1200
Date Posted: 09 July 2004 at 10:46am
|
Str8Dog, Thank you for your reply. The problem I still have is that I've made the changes to common.asp (both) but when I create a new user it still creates encrypted passwords in the DB. Is there another setting or file that I need to change to stop that behavior? |
Posted By: dpyers
Date Posted: 09 July 2004 at 11:11am
|
It sounds like he already has a list of unencrypted passwords for his users and just want to replace the encryped ones with the unencrypted ones after turning off encryption. I would think you could do it, but you might have to set the registration confirmed indicator as well. When you say that your process this does not seem sufficient, what does that mean? What happens? ------------- 
Lead me not into temptation... I know the short cut, follow me. |
Posted By: WebWiz-Bruce
Date Posted: 09 July 2004 at 11:49am
Turning off encrypted passwords has not been fully tested yet so for this reason and to maintain security in your forum it is not recommended that you turn off encrypted passwords. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
fletch1200 wrote:Posted By: fletch1200
Date Posted: 09 July 2004 at 11:53am
|
dpyers, It still puts encrypted passwords in the DB when I create new users. BTW I'm on 7.9/SQL |
Posted By: rocketdawg
Date Posted: 16 August 2004 at 1:32pm
|
I just had the same problem. Register.asp line 830 'Generate new salt On updating the password once the encryption was turned off, this line needs to be commented out. End of problem. No more encryped insertions. I have no idea if that is the correct method, but it worked for me.
|