BV Commerce Forum
»
BV Commerce Support
»
General Support
»
379: CLOSED - bvc5 SP1 - password storage issues
Rank: Member
Joined: 4/4/2004(UTC)
Posts: 670
|
re: bvc5 SP1 - password storage issues environment: demo store at: http://demo.bvsoftware.com/browser: ie6.0.2900.2180 steps to reproduce: change admin password. save change password format for admin user to clear text. save. goto /MyAccount_Orders.aspx and change password return to admin. password is saved as hashed. Scott Mech
|
|
|
|
|
|
Rank: Member
Joined: 3/1/2006(UTC)
Posts: 1,142
|
We are unable to retrieve a hashed password. If you change the password to clear text then you must also reset the password. |
Justin Etheredge
Senior Software Engineer
BVSoftware |
|
|
|
|
|
Rank: Member
Joined: 5/24/2004(UTC)
Posts: 4,147
|
Can I vote for getting rid of the clear text method altogether? An admin never needs to see a customer's password, especially since it's so easy to reset them. |
|
|
|
|
|
|
Rank: Member
Joined: 3/1/2006(UTC)
Posts: 1,142
|
Actually, it was in bvc 2 and then taken out in bvc 2004 and tons of people complained. So we had to put it back in bvc5. |
Justin Etheredge
Senior Software Engineer
BVSoftware |
|
|
|
|
|
Rank: Member
Joined: 4/4/2004(UTC)
Posts: 670
|
my point is that while the password is set to clear text.....
i change the password from the store side and the password format reverts back to hashed and does not remain in clear text.
Scott Mech
|
|
|
|
|
|
Rank: Member
Joined: 5/24/2004(UTC)
Posts: 4,147
|
Originally Posted by: "Justin Etheredge"  Actually, it was in bvc 2 and then taken out in bvc 2004 and tons of people complained. So we had to put it back in bvc5. Really, wow. A lot of people use the same password for practically everything, so it seems like an invasion of privacy to me. Amazing that people complained about that. Scott, I noticed that as well. I'd really like to see passwords done differently the People Admin. |
|
|
|
|
|
|
Rank: Member
Joined: 3/1/2006(UTC)
Posts: 1,142
|
We will log this as a bug. |
Justin Etheredge
Senior Software Engineer
BVSoftware |
|
|
|
|
|
Rank: Member
Joined: 3/1/2006(UTC)
Posts: 1,142
|
This is due to the setting in Options > Users > Default Password Encryption. When the user changes their password, it is always going to default to this setting. |
Justin Etheredge
Senior Software Engineer
BVSoftware |
|
|
|
|
|
Rank: Member
Joined: 4/4/2004(UTC)
Posts: 670
|
If there is a drop down list with three options, why would the other parts of the cart not respect the user selected option?
why force the default and/or revert to the default when it wasn't what was selected?
Why have a user selectable option if the default overrides the user selected option?
Scott Mech
|
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.