OCaml Forge
SCM

Detail: [#319] Add ability to change password

Bugs: Browse | Download .csv | Monitor

[#319] Add ability to change password

Date:
2009-10-11 12:36
Priority:
3
State:
Open
Submitted by:
Frederic F (fredericf)
Assigned to:
Nobody (None)
Version:
None
Resolution:
None
Severity:
enhancement
Operating System:
None
Hardware:
None
 
URL:
Components:
Database
Web
 
Summary:
Add ability to change password

Detailed description
It is currently not possible for a user to change the password, as the password is also used as the encryption key for all documents.

A good way to fix this would be to provide a stored procedure taking user name, old and new password, that:
- Check that the current password is correct, by validating it against the hash in the "account" table
- For every document and every file belonging to that user (if the multi-user feature makes it in before!), decipher the encrypted fields with the old password, and cipher them with the new password
- Update the hash to the new password in the accounts table

Indeed, it would be nice to have all of this into a transaction, recovering from a half-converted state would be quite painful.

Also, this means that changing the password will be a very lengthy operation.

Followup

No Followups Have Been Posted

Attached Files:

Changes:

No Changes Have Been Made to This Item