[opencms-dev] Getting User Password without logging in

Andy Bicksbo schlachtzeuger at gmail.com
Thu Oct 19 14:55:12 CEST 2006 

Hi

I worked on this the last days and i didn't find a possibility the get a
readble password out of an user. The Password is decoded into md5, i
think, and as far as i k´know, there isn't any possibility the retrieve a
md5 into human readable coding and there's nothing, where opencms retrieves
a password. I'm working currently on a component for opencms, where i need
to build a cmsobject with a user with admin rights, but i don't want to
write a user with it'S password into sourcecode(cmsObject.loginuser(String
username, String password)) nor to change the permissions of every file i
have to alter before doing stuff with it and afterwards. (The user, who
should initiate this component has no adminrights, so i have to switch the
user of cmsObject)

At topic:
But you can directly alter passwords in the db opencms uses(CMS_USER)
At this point, i think it#s not very save, that the db connection stuff is
written readable in the opencms.properties file

Does anybody know a solution?

Thanks for listening
Andy




2006/10/19, Stefan Uldum Grinsted <stefan at e-nation.dk>:
>
> How about creating a new random one, and email that to the user. The user
> can then change it afterwards.
>
> / Stefan
>
> -----Oprindelig meddelelse-----
> Fra: opencms-dev-bounces at opencms.org
> [mailto:opencms-dev-bounces at opencms.org] På vegne af Joachim Arrasz
> Sendt: 19. oktober 2006 12:07
> Til: The OpenCms mailing list
> Emne: Re: [opencms-dev] Getting User Password without logging in
>
> Hi,
>
> > for the function "lost password" ich need the decrypted password from
> > an user.
> >
> > How can i get it?
>
> this is impossible, if this would be possible there is no password
> Security.
>
> Regards
>
> Joachim Arrasz
>
> --
> /**
> * Joachim Arrasz
> * Head of technical Research
> * Synyx GmbH & Co. KG --OpenCms Solution Provider--J2ME Solutions--
> * Karlstr. 68
> * 76137 Karlsruhe
> * phone  +49(0)721 66 48 79 32
> * fax    +49(0)721 66 48 877
> * eMail  joachim.arrasz at synyx.de
> * www    http://www.synyx.de
> */
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list To change your
> list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev
>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/mailman/listinfo/opencms-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20061019/13e6da66/attachment.htm>

More information about the opencms-dev mailing list