Developer forum

Forum » CMS - Standard features » Users Passwords Encryption

Users Passwords Encryption

E-mail notifications
Kevin O''Driscoll
Reply
Posted on 14/04/2015 14:00:59

Hi were using 8.4.1.19 Dynamicweb and have standard shop and users have to login to see medical products.

We need to replicate the standard DW login (registration is somewhat extended) with standard password encryption on a remote database. For password encryption what system is used and where are the encryption keys stored?

We need also to implement a password reset service from the remote database, but capture and authenticate in DW with auto login.

Any pointers to some comprehensive documentation?

Rgds Kev

 


Replies

 
Nicolai Høeg Pedersen
Posted on 14/04/2015 15:05:10
Reply

Hi Kevin

The passwords in DW database are not encrypted but hashed - so you cannot move the passwords...

There is no password reset service, but you can create your own. Simply override the AccessUserPassword column on the AccessUser table with the new password - either as clear text or as a MD5 hash - like this: Md5(password + "DwSecret")

You can make an autologin link like this: ?Username=aValidUserName&PwToken=Md5(password + "DwSecret")

 
Kevin O''Driscoll
Posted on 14/04/2015 16:40:38
Reply

OK thanks Nicoli, there is another table AccessUserPassword.AccessUserPasswordPassword

Does this also store the current plain text version or/and the previous password versions before reset?

 
Nicolai Høeg Pedersen
Posted on 14/04/2015 20:31:13
Reply

Hi Kevin

It only stores previous passwords - and stores them in cleartext or hashed depending on your solution settings.

BR Nicolai

 

You must be logged in to post in the forum