Anope IRC Services

Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: 2 questions about mysql/encryption  (Read 3142 times)

0 Members and 1 Guest are viewing this topic.

idle

  • Guest
2 questions about mysql/encryption
« on: January 10, 2007, 12:17:35 PM »

hello
i have two questions about mysql/enc.

1. i've upgraded to 1.7.18 and there is now a new enc function and config section.
what is the best way to upgrade all existing passwords to the new "correct" md5 encryption?
generate random passwords and send them via mail to the user?
how did you make this changes or want you use enc_old for a long time in the future?

2. if a select md5 encryption for mysql i can't use UseRDB.
can i use this in the future?
i mean.. i don't need any function to send a password to the user so i think it is ok to use UseRDB or do i understand something wrong?

sry for my bad english btw :P
Logged

Jan Milants

  • Team
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 1372
(No subject)
« Reply #1 on: January 10, 2007, 12:24:24 PM »

old passwords cannot be "upgraded" to the correct md5 encryption, and there is currently no way of migrating from the old "broken" md5 encryption to the "correct" one...
so i guess people that have databases encrypted using the old way will continue to use this for a long time in the future. maybe there will be a mod or so that resets all passwords with the new encryption, but currently that s not possible as far as i know...

nr 2 i do not know.. maybe that s a remnant of the anope implementation being broken. anyways, it would only be possible if you use the "correct" md5 encryption...
Logged
If you like me donate coins to 1FBmZVT4J8WAUMHKqpWhgNVj3XXnRN1cCk :)

Pieter Bootsma

  • Team
  • *
  • Offline Offline
  • Posts: 189
    • http://geniusdex.net/
(No subject)
« Reply #2 on: January 10, 2007, 06:06:35 PM »

1) We are aware of this and will probably come with a converting encryption module which converts any old password to a new password when encountered (because users always send them plain text we will know them at identification)

2) You can not use MysqlSecure in combination with UseRDB. The password we receive from MySQL when MysqlSecure is enabled can not be translated back into anything Anope understands without drastically changing the way our MySQL code works. Next to that, MysqlSecure will probably be removed in favor on encryption modules.
Logged
Pages: [1]   Go Up