Password storage change in PR #537

[Jason Owen]

Hi everyone,

I just merged PR #537, which changes how the PSM stores passwords in the database. If you deploy a new version of the PSM, you won't be able to log in -- and will get errors if you try -- until you take some action.

• If you have mail configured, you can use the "Forgot Password?" link to reset the password of the system user (email: sys...@example.com), then log in with that user to reset the other accounts' passwords.
• If you're comfortable with using psql, you can use the instructions in the pull request to update your database
• Or, you can recreate your database and use the updated seed.sql file, which has been updated with the new password hashes.

This change makes our password storage much more secure, and I'm pleased how quickly and easily we were able to get it in. Our investment in upgrading the version of Spring we're using has already paid off!

Thanks,

Jason

[Cecilia Donnelly]

Thanks for this update, Jason!

I've reset the passwords on the testing site so they use the new encryption system.  You should be able to log in there as usual, but let me know if you have any trouble!

Cecilia

--
You received this message because you are subscribed to the Google Groups "psm-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to psm-dev+unsubscribe@googlegroups.com.
To post to this group, send email to psm...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/psm-dev/786de186-87ca-42b3-a314-428f73884b81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Cecilia Donnelly
cdon...@opentechstrategies.com