[ic] Protocol for encrypting passwords on existing system

Paul Jordan paul at gishnetwork.com
Tue Sep 27 13:42:17 UTC 2011


> From what I gather in the archives circa 2004, the idea would be to:


 

#0 Backup Userdb

 

:-)

 

Paul


> #1 Pause sign-ins
>
> #2 Loop over existing records with the crypt filter, or for Mysql try:
> update userdb set passwordfield=encrypt(passwordfield)
>
> #3 Turn on UserDB crypt 1
>
> The only alterations needed to the store itself would be moving from a
> "password reminder" system into a "password reset" system.
>
> Does this sound complete? Any caveats one should be aware of?
>
> Thank you 		 	   		  


More information about the interchange-users mailing list