I'm looking for some advise on what is the best way to update a site that is currently using useLegacyEncoding set to True and change it to useLegacyEncoding = False. (back office users)
As I understand it, if I make that change all current passwords for back office users will become invalid. So my question is, how do I get back into the back office after making this change so I can set all the passwords again?
That's not quite what I'm asking, but thanks. I'm looking to move from the legacy encoding to the more secure non-legacy. But I'm wondering if anyone has attempted this and managed it without locking themselves out of the back office. If they have, how did they get around it without going back to legacy encoding.
when you change the way passwords are hashed (by changing true to false) the old passwords cannot be revalidated again when logging on with the password, because the hashes just don't match.
So upgrading will give you headaches for all existing users and there's no easy upgrade path. There are some options though:
1) Change the setting and ask all your users to use the "Forgot password"-functionality to generate new passwords for everyone. Or you could do it only for yourself, and then giving everyone a new password via Umbraco and send the password to them.
2) Wait a bit longer before you change this until it's possible in Umbraco to update the hashing algorithm without breaking existing logins. Currently the first step of this issue is implemented; http://issues.umbraco.org/issue/U4-8643. So the way the password is hashed is stored in the table. The only thing left to do is now to implement code to look if there's a difference in algorithm. Hopefully that will be implemented somewhere in 7.7.x.
Changing useLegacyEncoding from True to False
Hi All,
I'm looking for some advise on what is the best way to update a site that is currently using useLegacyEncoding set to True and change it to useLegacyEncoding = False. (back office users)
As I understand it, if I make that change all current passwords for back office users will become invalid. So my question is, how do I get back into the back office after making this change so I can set all the passwords again?
Thanks,
Nik
Hi i have upgraded from 6.1.6 to 7.7.3 and did following:
I had this:
That I changed to this:
I had to add useLegacyEncoding="true" in second line in order to be able to log in backoffice.
Br Ali
Hi Ali,
That's not quite what I'm asking, but thanks. I'm looking to move from the legacy encoding to the more secure non-legacy. But I'm wondering if anyone has attempted this and managed it without locking themselves out of the back office. If they have, how did they get around it without going back to legacy encoding.
Thanks,
Nik
Hi Nik,
when you change the way passwords are hashed (by changing true to false) the old passwords cannot be revalidated again when logging on with the password, because the hashes just don't match.
So upgrading will give you headaches for all existing users and there's no easy upgrade path. There are some options though:
1) Change the setting and ask all your users to use the "Forgot password"-functionality to generate new passwords for everyone. Or you could do it only for yourself, and then giving everyone a new password via Umbraco and send the password to them.
2) Wait a bit longer before you change this until it's possible in Umbraco to update the hashing algorithm without breaking existing logins. Currently the first step of this issue is implemented; http://issues.umbraco.org/issue/U4-8643. So the way the password is hashed is stored in the table. The only thing left to do is now to implement code to look if there's a difference in algorithm. Hopefully that will be implemented somewhere in 7.7.x.
Hope this helps a bit,
Jeffrey
is working on a reply...