[ic] Protocol for encrypting passwords on existing system

Paul Jordan paul at gishnetwork.com
Tue Sep 27 13:23:58 UTC 2011


>From what I gather in the archives circa 2004, the idea would be to:

#1 Pause sign-ins

#2 Loop over existing records with the crypt filter, or for Mysql try: 
update userdb set passwordfield=encrypt(passwordfield)

#3 Turn on UserDB crypt 1

The only alterations needed to the store itself would be moving from a 
"password reminder" system into a "password reset" system.

Does this sound complete? Any caveats one should be aware of?

Thank you

Paul 




More information about the interchange-users mailing list