4952 Posts in 14381 Topics by 1491 members
|Go to End|
1 October 2010 at 12:35am
I've been trying to turn on password encryption for users, but have been having no luck - passwords are still being stored in my db in plaintext. I put the following in _config.php
further digging revealed that is deprecated in 2.4 ... but i have been struggling to find docs to say what I should be doing instead. If anyone could advise me, it would be greatly appreciated!
1 October 2010 at 1:02am
Passwords should be encrypted by default. If they're not, try addingto your _config.
You can encrypt all the current plaintext passwords by running http://your-site/dev/tasks/EncryptAllPasswordsTask
1 October 2010 at 1:07am
Thanks for the reply, unfortunately I've tried what you've suggested and it doesn't seem to have had any impact. I added a new member afterward (through the admin cms) and the password was still stored in plaintext.
I have got default admin user set up ... would that have any impact?
1 October 2010 at 1:09am
If you're using 2.4.0 (or 2.4.1 IIRC), then that is a problem. There was a slight bug that caused the default admin to use plaintext passwords.
1 October 2010 at 3:23am
d'oh! Now I feel stupid
thanks for the tip, sorted that problem now!
|Go to Top|