[ic] BUG: default encrypted admin password is not portable
Mark Stosberg
mark@summersault.com
Tue, 19 Sep 2000 15:25:42 -0500
Hello,
I recently set up Interchange 4.5.5 for the first time. My OS is
FreeBSD 3.1 and I'm using Perl 5.005_02.
Things went fairly smoothly, but I could not log into the
administrative interface because of a "password mismatch error". Since I
was using the correct username and the default 'pass' word, I suspected
that the failure was because that the encryption of the original text
varied from the way my system did it. I proceeded to try to encrypt my
own password the way that Minivend does using my systems native "crypt"
system. I produced a new encrypted password like this:
> cd ~mvend/lib
> perl -e 'use Vend::Util; print crypt("pass",Vend::Util::random_string(2))."\n";'
After pasting the result over the old password in access.txt, I was able
to access the admin area with the username 'pass' as I expected.
I recommend that Interchange creates the default encrypted passwords in
a manner like this as part of the "makecat" process, rather than relying
on the OS to have a compatible encryption system.
Thanks,
-mark
personal website } Summersault Website Development
http://mark.stosberg.com/ { http://www.summersault.com/