Encrypted Password in database

Hi Partha,

you may want to look at the code and see how it is working:

The client and the server both encrypt a plain-text password using a random hash. The client sends the hashed password to the server. If it matches the servers one then the user did enter the right password. The hash is always another and so the hashed password.

The encryption techniques are unique and should be defined in a JEP.

LG

I’'d love to vote for this. Where do I do that?

You can visit JM-291 to vote for the bug. However, the good news is that I already checked in the fix to make make encrypted passwords work. It will be released in Wildfire 2.6.

Regards,

Matt

I’'m running Wildfire 3.0 (upgraded from 2.5) and I noticed JM-291 is closed … and yes I see i have an encryptedPassword column in my database… and my new accounts have nice encrypted passwords.

The problem is all the old accounts (created in 2.5) are using the plain text ‘‘password’’ still. Is there an easy way I can have all the old accounts have their passwords converted over to the encryptedPassword? I’‘ve dug around the web admin side of things and didn’'t see anythign obvious.

thanks for getting the encryptedPassword thing implimented… it was my biggest sadness about using jabber … I really don’‘t like having to see my users passwords (good ones and bad ones) when I’'m debugging things… there are now some states where it would be illegal for me to know their password w/o their written permission…

-dayne