I'm trying to port an existing, home grown authentication system to use RESTful Authentication (and then RoleRequirement on top of that).

I am concerned about how best to handle the existing user data in my users table so that legacy (pre-RESTful Auth users) can log in. I already have an existing users table with salt and hashed versions of passwords, so I'm assuming that I will simply have to have a way to detect which user records are pre-existing and ensure that I run the MD5 against them the "legacy" way. Obviously, all new user records end up with the RESTful Auth. hashing method applied to their passwords.

I'm looking for advice from anyone who has had to do this type of conversion before.

Thanks,
Wes
on 2009-04-02 01:36
on 2009-04-02 11:39
If you are happy with the security of your original hashing then you could just patch restful auth to use your existing technique.

2009/4/1 Wes G. <firstname.lastname@example.org>
on 2009-04-02 16:34
> I'm looking for advice from anyone who has had to do this type of
> conversion before.
>
> Thanks,
> Wes

One way could be to allow users to reset the password by requesting a token sent by email, so that everybody will be forced to update their passwords. You'll have to make it super clear so that users won't get upset seeing they can't log in anymore.
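
The approach described in the question (flag the pre-existing rows and check them the "legacy" way), as an added example that is not code from any poster or from RESTful Authentication. It goes one step beyond the thread by re-hashing the password after a successful legacy login; the `legacy` flag, the MD5(salt + password) layout and the PBKDF2 stand-in for the new digest are assumptions.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Constructed stand-in for a users row; `legacy` marks pre-migration records.
User = Struct.new(:login, :salt, :crypted_password, :legacy)

# ASSUMPTION: the old system stored hex MD5(salt + password).
def legacy_digest(password, salt)
  Digest::MD5.hexdigest(salt + password)
end

# ASSUMPTION: stand-in for the new scheme's digest (PBKDF2-HMAC-SHA256 here).
def current_digest(password, salt)
  raw = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32,
                                   OpenSSL::Digest.new('SHA256'))
  raw.unpack1('H*')
end

# Compare digests without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns true on a correct password. A legacy record is verified the old way
# and, on success, re-hashed with the new scheme so the legacy flag clears.
def authenticate(user, password)
  if user.legacy
    ok = secure_compare(legacy_digest(password, user.salt), user.crypted_password)
    return false unless ok
    user.salt = SecureRandom.hex(16)            # fresh salt for the new hash
    user.crypted_password = current_digest(password, user.salt)
    user.legacy = false                         # a real model would save here
    true
  else
    secure_compare(current_digest(password, user.salt), user.crypted_password)
  end
end

# Constructed sample record as it would look before the migration.
def sample_legacy_user
  User.new('wes', 'abc123', legacy_digest('s3cret-pass', 'abc123'), true)
end
```

Records that never log in keep their old hash, which is where the reset-by-email suggestion above fits.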