October 2008 Archives

freeside password heuristics

Somebody couldn't log into freeside on billing-external. It turned out that when freeside checks a password, it assumes any password longer than 12 characters is encrypted. It also guesses the type: if it is 13 characters it is DES, and if it has a $ in it it must be MD5. The password submitted by the user was 22 characters long, so even though it was unencrypted it didn't match any of the password types freeside checks for, resulting in the error "Can't check password: Unrecognized encryption for svcnum" in the selfservice log file.

In the Perl subroutine check_password there was a comment, "eventually should check a "password-encoding" field", so hopefully that's done in freeside 1.9; there are supposed to be some schema changes and more configuration in the database. I want to try to install both 1.7 and 1.9 on different virtual hosts on a new domU for testing freeside.
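The heuristic described above, modelled as an added example (this is not freeside's code), together with an audit that finds unencrypted values it would mishandle and a check that reads an explicit encoding field instead of guessing. The order of the checks, the function names, the record layout and the sample values are assumptions made for illustration.

```python
import hmac

class UnrecognizedEncryption(Exception):
    """Raised when a stored value matches none of the guessed types."""

def guess_encoding(stored):
    # Model of the heuristic as the post describes it; the order of the
    # checks is an assumption, not taken from freeside's source.
    if len(stored) <= 12:
        return "plain"
    if len(stored) == 13:
        return "des"
    if "$" in stored:
        return "md5"
    raise UnrecognizedEncryption("Can't check password: Unrecognized encryption")

def audit_plaintext(values):
    """Return (value, outcome) for unencrypted values the heuristic mishandles."""
    problems = []
    for value in values:
        try:
            guess = guess_encoding(value)
        except UnrecognizedEncryption:
            guess = "unrecognized"
        if guess != "plain":
            problems.append((value, guess))
    return problems

def check_with_field(record, submitted, crypt_verifiers=None):
    # Hypothetical record layout: the encoding is stored next to the
    # password, so length and content never decide how it is compared.
    encoding = record["encoding"]
    if encoding == "plain":
        return hmac.compare_digest(record["password"].encode(), submitted.encode())
    verifier = (crypt_verifiers or {}).get(encoding)
    if verifier is None:
        raise UnrecognizedEncryption("no verifier configured for %r" % encoding)
    return verifier(record["password"], submitted)

# Constructed sample values, all stored unencrypted.
SAMPLES = ["hunter2", "thirteenchars", "correcthorsebatterysta", "price$is$right$now"]

if __name__ == "__main__":
    for value, outcome in audit_plaintext(SAMPLES):
        print("%-24s handled as %s" % (value, outcome))
    record = {"encoding": "plain", "password": SAMPLES[2]}
    print(check_with_field(record, "correcthorsebatterysta"))
```

The audit shows that the 22-character case from the log is not the only one: an unencrypted value of exactly 13 characters, or a longer one containing $, would be compared as a hash and never match.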
