Re: [Dolibarr-dev] Password of members


From: Laurent Destailleur (aka Eldy)
Subject: Re: [Dolibarr-dev] Password of members
Date: Sat, 25 Jun 2016 21:31:13 +0200

I have pushed a PR to fix this for 4.0.
Behaviour is: If the option to crypt is on (on by default with recent versions), then it is crypted in both the user and member tables and the clear field is empty.
If the option is off (rare, old setup), then the clear value appears in both the user and member tables.

2016-06-25 11:15 GMT+02:00 Xebax <address@hidden>:
On Friday, 24 June 2016, Laurent Destailleur (aka Eldy) wrote:
> If you need the login id and not the password, just keep the password
> empty. The password for members is not used. It is just information
> stored when there is need to use dolibarr as a password referential for
> members.

Hi Laurent,

The login/id and the password are both mandatory.
When creating a member, the password is automatically filled and if
it is cleared, the member cannot be created.
If the password is cleared when modifying a member, it is not modified
at all (that's a bit strange, by the way, I had to check the DB to
confirm this behavior).
The only way I have found to clear the password is to set it to NULL
with a query in DB.

Moreover I am very concerned about the password being stored in clear
text for members. I see no point storing a hashed value for the users
if the same password is stored in clear text in another table.

I propose two improvements:

1) Add an option to the Members module: "Manage a password for
members: Yes/No". This option would be visible only if "Manage a
login/id for members" is enabled.

2) Always store the encrypted/hashed password and add a method to
check the password (this method should also be available in the web
services).

What do you think about that?
--
Xebax

--
------------------------------------------------------------------------------------
Google+: https://plus.google.com/+LaurentDestailleur-Open-Source-Expert/
Facebook: https://www.facebook.com/Destailleur.Laurent
------------------------------------------------------------------------------------
* Dolibarr (Project leader): http://www.dolibarr.org (make a donation for Dolibarr project via Paypal: address@hidden)
* AWStats (Author) : http://awstats.sourceforge.net (make a donation for AWStats project via Paypal: address@hidden)
* AWBot (Author) : http://awbot.sourceforge.net
* CVSChangeLogBuilder (Author) : http://cvschangelogb.sourceforge.net
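
An added sketch of the storage rule described in this message, together with the password-check method proposed in the quoted message. It is not Dolibarr's code and not the PR mentioned above. The column names `pass_clear` and `pass_hashed`, the function names, the use of PHP's `password_hash()`, and the choice to store no hash when the option is off are all assumptions made for illustration.

```php
<?php
// Added illustration, not Dolibarr code. The column names 'pass_clear' and
// 'pass_hashed' and both function names are hypothetical.

/**
 * Build the password columns to write to BOTH the user row and the member row.
 * Returns null when no new password was submitted, so the caller leaves the
 * stored values untouched instead of overwriting them with an empty password.
 */
function passwordColumns(?string $newPassword, bool $hashOption): ?array
{
    if ($newPassword === null || $newPassword === '') {
        return null;
    }
    if ($hashOption) {
        // Option on: only the hash is kept, the clear-text column is emptied.
        return [
            'pass_clear'  => null,
            'pass_hashed' => password_hash($newPassword, PASSWORD_DEFAULT),
        ];
    }
    // Option off (old setup): clear text is kept; assumed here: no hash stored.
    return ['pass_clear' => $newPassword, 'pass_hashed' => null];
}

/** Check a submitted password against a stored row (user or member). */
function checkPassword(string $submitted, array $row): bool
{
    if (!empty($row['pass_hashed'])) {
        return password_verify($submitted, $row['pass_hashed']);
    }
    if (isset($row['pass_clear']) && $row['pass_clear'] !== '') {
        // Legacy clear-text row: compare in constant time.
        return hash_equals($row['pass_clear'], $submitted);
    }
    return false; // no password on record: never authenticate
}

// Constructed sample data: the same column values go to both tables.
$userRow = $memberRow = passwordColumns('S3cret-sample', true);
var_dump($memberRow['pass_clear']);                    // clear column of the member row
var_dump(checkPassword('S3cret-sample', $memberRow));  // correct password
var_dump(checkPassword('wrong-sample', $userRow));     // wrong password
var_dump(passwordColumns('', true));                   // empty input on update
$legacyRow = passwordColumns('S3cret-sample', false);  // option off
var_dump(checkPassword('S3cret-sample', $legacyRow));
```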


