[Moin-user] email lost password sends password in encrypted form
Ted Stern
dodecatheon at gmail.com
Wed Jan 31 17:14:43 EST 2007
On 31 Jan 2007 12:22:53 -0800, Ted Stern wrote:
>
> My users have been complaining that their emailed passwords do not
> work. I tested this myself and got the following result:
>
> ,----
> | Somebody has requested to submit your account data to this email
> | address.
> |
> | If you lost your password, please use the data below and just enter
> | the password AS SHOWN into the wiki's password form field (use copy
> | and paste for that).
> |
> | After successfully logging in, it is of course a good idea to set a
> | new and known password.
> |
> | Login Name: TedStern
> |
> | Login Password: {SHA}<lots of gobbledy-gook>
> | Login URL: http://<my company's domain>/<wikiname>/UserPreferences
> `----
>
> I can guess that the SHA means that password is encrypted using the
> sha python module. So how do I set things up so the password is
> decrypted for the user? It is unusable as it stands.
>
> Ted
I found this page:
http://moinmoin.wikiwikiweb.de/MoinMoinBugs/ResetPasswordEmailImproperlyEncoded
that seems to describe my problem. I did a check to see whether the
encoded form of my password would have a trailing '=' sign, and it
does. When the encoded version is emailed to me, I do not see the '='
sign.
Perhaps one fix would be to add a trailing string after the password
to avoid putting an = at the end of the line?
Ted
--
dodecatheon at gmail dot com
Frango ut patefaciam -- I break so that I may reveal
More information about the Moin-user
mailing list