After migrating from TYPO3 4.5 to 6, then 7, 8, 9, 10 and arriving at version 11, the frontend users' login passwords don't work anymore. I thought that they would be encrypted by the upgrade process.
I have spent a lot of time doing this migration process, and now discover that the passwords are stored in the database as clear text, e.g. "password123".
I have around 900 FE users that now can't access the website.
How can I fix this? Is there any solution to make them work?
Thank you!
Maybe implementing your own hash mechanism could help get the old passwords working again:
https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/ApiOverview/PasswordHashing/Index.html#adding-a-new-hash-mechanism
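A different route from the custom hash mechanism suggested above is a one-off conversion that replaces each clear-text `fe_users.password` value with a hash. The sketch below is an added example, not part of the original answer and not TYPO3 code. It assumes the installation accepts PHP `password_hash()` bcrypt values for frontend logins, and it uses an in-memory SQLite table with constructed rows in place of the real database.

```php
<?php
declare(strict_types=1);

// Classify a stored fe_users.password value.
function classifyStoredPassword(string $stored): string
{
    if ($stored === '') {
        return 'empty';
    }
    // password_get_info() reports an algorithm only for hashes PHP itself can verify.
    if (!empty(password_get_info($stored)['algo'])) {
        return 'hashed';
    }
    // Unknown "$..." formats may be legacy hashes; never re-hash those blindly.
    return $stored[0] === '$' ? 'review' : 'cleartext';
}

// Replace clear-text values with bcrypt hashes; returns the row count per class.
function hashCleartextPasswords(PDO $db): array
{
    $counts = ['empty' => 0, 'hashed' => 0, 'review' => 0, 'cleartext' => 0];
    $update = $db->prepare('UPDATE fe_users SET password = :hash WHERE uid = :uid');
    $db->beginTransaction();
    $rows = $db->query('SELECT uid, password FROM fe_users')->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as $row) {
        $class = classifyStoredPassword((string)$row['password']);
        $counts[$class]++;
        if ($class === 'cleartext') {
            $hash = password_hash((string)$row['password'], PASSWORD_BCRYPT, ['cost' => 12]);
            $update->execute([':hash' => $hash, ':uid' => $row['uid']]);
        }
    }
    $db->commit();
    return $counts;
}

// Constructed sample data: an in-memory SQLite table standing in for fe_users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fe_users (uid INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$insert = $db->prepare('INSERT INTO fe_users (username, password) VALUES (?, ?)');
$insert->execute(['alice', 'password123']);                          // clear text
$insert->execute(['bob', password_hash('s3cret', PASSWORD_BCRYPT)]); // already hashed
$insert->execute(['carol', '$X$unknownLegacyFormat']);               // left for manual review

print_r(hashCleartextPasswords($db));
$stored = (string)$db->query("SELECT password FROM fe_users WHERE username = 'alice'")->fetchColumn();
var_dump(password_verify('password123', $stored));
```

Rows classified as `review` are left untouched so that an unrecognised legacy hash is never hashed a second time; running the function again changes nothing, because converted rows are then classified as `hashed`.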
I am looking for a mechanism to decrypt or un-hash the password field of the users table in Drupal 7. Decryption is required for one of my projects. This users table data needs to be migrated to another system. Any help will be appreciated. Thanks in advance.
As of Drupal 7, there is no way to decrypt user passwords ... full stop.
For more details, refer to the answers to this question on Drupal.SE.
Concur with Pierre. Drupal 7 hashes are true hashes and therefore not 'reversible'. The original plaintexts must be known in order to verify them.
Your only other options are either:
cracking them, or
intercepting them at a low level as users successfully authenticate.
But both of these can be challenging (and even distasteful) in multiple ways, that are probably outside the scope of this question (as currently written):
technically (How will you crack them, or how will you intercept?)
security-wise (How can you keep the plaintexts safe? How will you destroy the plaintexts afterwards?)
ethically (How can you do this without disclosing user passwords to yourself?)
The production site we run has potentially been compromised, as we saw a big spike in network traffic, which brought down the site.
Since theft has potentially already happened before our patching, what steps should we go through in informing our client? Do they need to make any password changes for the admin login, etc.? Anything else that is relevant? Do we need to change the DB password on our server, etc.?
Basically yes, all of the above.
There is a flow chart on the [Drupalgeddon project page](https://www.drupal.org/project/drupalgeddon) that you can follow to help ensure you are dealing with a clean site.
Good luck
First-time post here. I have been lurking for a while, and realized you guys know your stuff. Maybe you can help. I am trying to make a simple online application for employees to log in and submit their hours worked for the week. When you log in, it should have the current week displayed (e.g. 1/16/11 - 1/22/11), then under the date have 7 forms, one for each day of the week. So under Monday, they can type how many hours they worked. Once submitted, it should go to a database and be viewable by an admin, and be archived so we can go back and see their working history. I am pretty flexible when it comes to coding. Though I don't claim to be a code prodigy by any means, I am pretty fluent with WordPress (LAMP stack) and starting to get into Drupal. I have been playing with a few Drupal modules with little luck.
If anyone has some ideas on how I could do this, please let me know! If you know of another open source application that can do this, please let me know. I am not 100% sold on Drupal.
The server this will be hosted on is a VPS running CentOS on the standard LAMP stack.
Thank You,
PJ
Here are the steps:
1) Create a node with CCK module as per your need.
2) Use the Form API, or directly use the Create node form, giving the right permissions to your user w.r.t. role.
3) Create a view with your created node.
4) Assign a page to the view.
5) Give access to restricted role
6) Assign user to restricted role, role which will allow user to see the timesheet.
And you are done.
I am to use BlogEngine.NET as my blog engine, and most of it served well until I realized I have to run this identically on two servers and one database.
When the editor is on server 1, anything he/she posts will be written to the database and will be updated in the in-memory post list (static List Posts). Meanwhile, for any user on server 2, nothing done on server 1 is visible because the in-memory posts there won't be updated.
One life-questioning solution is making the editor switch servers via their hosts files and, with the help of a shiny button, making them able to reload the posts as
BlogEngine.Core.Post.Reload();
HttpRuntime.Close();
but I really feel there should be a better solution. I'm now wondering whether integrating Memcached somewhere here would be easy; if not, I guess I have to switch from BlogEngine.NET.
Any suggestion would be more than welcome,
Thanks,
Bilsay
I have the same problem. I am running 2 servers and a load balancer to do the work. I first log in on the first server and post the blog, then log in on the second server and press the "reset cache" button, which I wrote to get the data again from the database. But this solution is still troublesome for user comments.
Thanks
There's an extension to help solve this problem:
http://allben.net/post/2009/05/10/Web-Farm-Extension-10
I have a customer that has an old non-existent application; he had a problem with the company that made the application and they won't disclose his database password. He realized that he signed a contract (back then) where it said that he was sort of "renting" the application and they had no right to disclose anything. This customer found out that he's not the only one with the same problem with that company. He's a dentist, and other dentists with the same old application experienced the same problems when trying to buy new software and attempting to migrate their patients to the new system.
In either case, he wants to open his little firebird database, so we can at least extract some data to our SQL Servers. I have tried with the default 'masterkey' (which is, in fact, 'masterke' due to the 8 char limit) to no avail.
Now I know he could go legal and try to force the company to release his information, but I want to do it the short way. Does anybody know an app that can brute force/crack a legacy Firebird password?
Thanks.
EDIT: The legacy software is "STOMA-W", I cannot even find it on Internet. They are located in Asturias, Spain.
Firebird does not (yet) store passwords inside the database file.
With this in mind, move the database file to another server where the sysdba password is known.
Old InterBase and Firebird had a hardcoded backdoor password you might want to try:
user: politically pass: correct
http://www.theregister.co.uk/2001/01/12/borland_interbase_backdoor_exposed
Provided it is not for the SYSDBA account, you may reset forgotten passwords for users with FlameRobin. After registering the database server on your localhost, use the Manage users... function in the context menu:
Here you get a list of users with options to delete or view/modify properties. If you click on the properties icon, you enter this dialogue where you simply enter the new password twice:
There is also IBConsole which comes packaged with the InterBase/Firebird SDK. It has similar functions.