cwilliams
Admin Group
CJWSoft Web Software Developer
Joined: April/06/2004
Online Status: Offline
Info: 1769
|
| Added: February/28/2009 at 10:25am | IP Logged
|
|
|
The function is in the "config_inc.asp" file in the root...
Be aware that I am not exactly sure that changes to that function will be enough. You might have to track down any time it is envoked and make small changes as well, or maybe not, all depends..
Also, I believe SHA is a hash, not encryption (meaning it's one way and not reversible) so your gonna have issues with that too. One that comes to mind is the forgotten password feature. You'll have to rework it because you won't be able to decrypt the password and send it to the person. You'll have to do a... send email click on link... go to system.. change password.. type of scenario.
And then there is SALT.. if your hashed passwords had SALT then you have to incorporate all of that that. That could be tricky.
Another thing that would have issues is the expired password feature which store records of a users previous passwords in an encrpted array.. so someone has to choose a password that hasn't been chosen.. that could all break.
Keep in mind too that the free .NET authentication add-on you won't be able to change the encryption/decryption as we don't give out the source code..
I do not support things like this but what I have told you should help.
__________________
Best Regards,
Christopher Williams
www.CJWSoft.com
|
Active Info
Memberlist
Search
Help
Register
Login
Info: Use different PW encryption scheme
