[ic] BUG: default encrypted admin password is not portable

Mark Stosberg mark@summersault.com
Tue, 19 Sep 2000 15:25:42 -0500


  I recently set up Interchange 4.5.5 for the first time. My OS is
FreeBSD 3.1 and I'm using Perl 5.005_02.
  Things went fairly smoothly, but I could not log into the
administrative interface because of a "password mismatch error". Since I
was using the correct username and the default 'pass' word, I suspected
that the failure was because that the encryption of the original text
varied from the way my system did it. I proceeded to try to encrypt my
own password the way that Minivend does using my systems native "crypt"
system. I produced a new encrypted password like this:

> cd ~mvend/lib
>  perl -e 'use Vend::Util; print crypt("pass",Vend::Util::random_string(2))."\n";'

After pasting the result over the old password in access.txt, I was able
to access the admin area with the username 'pass' as I expected. 

I recommend that Interchange creates the default encrypted passwords in
a manner like this as part of the "makecat" process, rather than relying
on the OS to have a compatible encryption system. 



personal website             }      Summersault Website Development
http://mark.stosberg.com/    {      http://www.summersault.com/