[ic] Protocol for encrypting passwords on existing system
paul at gishnetwork.com
Tue Sep 27 13:23:58 UTC 2011
>From what I gather in the archives circa 2004, the idea would be to:
#1 Pause sign-ins
#2 Loop over existing records with the crypt filter, or for Mysql try:
update userdb set passwordfield=encrypt(passwordfield)
#3 Turn on UserDB crypt 1
The only alterations needed to the store itself would be moving from a
"password reminder" system into a "password reset" system.
Does this sound complete? Any caveats one should be aware of?
More information about the interchange-users