Closed
Bug 3029
Opened 26 years ago
Closed 25 years ago
passwords broken for 1 out of 26 people
Categories
(Bugzilla :: Bugzilla-General, defect, P1)
Bugzilla
Bugzilla-General
Tracking
()
VERIFIED
FIXED
Bugzilla old
People
(Reporter: lchiang, Assigned: terry)
References
Details
I'm entering this for nbaca@netscape.com because she cannot access bugzilla. Nbaca has tried (on different machines) to log into bugzilla. Each time, the login has failed. She asked that bugzilla email her the password, which it did, but still no luck in logging in (even w/ a copy and paste of the password from the email!). Can you reset nbaca's password to "netscape" so that she can log in and change her password again? Call nbaca at x6406 or email her to confirm since I'm entering this bug for her. Thanks!
Assignee | ||
Updated•26 years ago
|
Status: NEW → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 1•26 years ago
|
||
Damn. Damn damn damn damn damn. I wish I knew what was causing this. On rare occasion, something seems to go through and wipe out the passwords for a few people. Just a few. Anyway, I apologize. nbaca, the password that bugzilla mails to you should now work.
Updated•26 years ago
|
Status: RESOLVED → VERIFIED
Comment 2•26 years ago
|
||
I am now able to enter Bugzilla. Thanks!
Updated•25 years ago
|
Comment 3•25 years ago
|
||
I have encountered the bug while helping to manage the bugzilla installation on www.e-speak.net. The problem seems to be caused by a difference in the way that perl encrypts passwords and the way that mysql encrypts them. In bugzilla, the initial passowrd is encrypted by MySQL and verified against a password encrypted in perl. The two encrypted passwords seem not to match in cases where the encrypted password begins with two equal characters. Brian Behlendorf pointed out that the rate of occurance seems to be almost 1/26. For example, you can find a list of all people who cannot log in by using the following query: select login_name from profiles where SUBSTRING(cryptpassword, 1, 1) = SUBSTRING(cryptpassword, 2, 1); The solution I used was to (1) do all encryption in perl and none in mysql; and (2) put the perl password generation logic in a loop that generates new salt until the first two characters of the encrypted password are not equal. jason! ====================================================================== Jason Robbins, Ph.D. Collab.Net is hiring open source developers! Senior Software Engineer http://www.collab.net/jobs ======================================================================
Assignee | ||
Comment 4•25 years ago
|
||
Hot damn! Someone finally figured this out! Thank you, thank you! Do you have the patches you mentioned available?
Assignee | ||
Updated•25 years ago
|
Status: REOPENED → ASSIGNED
Priority: P2 → P1
Assignee | ||
Updated•25 years ago
|
Resolution: FIXED → ---
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 26 years ago → 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 7•25 years ago
|
||
OK, I have come up with my own patch and have checked it in. My fix causes all encryption to happen in MySQL, not in perl. Thanks again for figuring this out!
Comment 8•25 years ago
|
||
Verified
Comment 9•23 years ago
|
||
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
QA Contact: matty
Target Milestone: --- → Bugzilla old
Version: other → unspecified
Comment 10•22 years ago
|
||
fixing summary so nobody accidently moves this to the mozilla.org product
Summary: Pls reset the password for nbaca@netscape.com. → passwords broken for 1 out of 26 people
Updated•12 years ago
|
QA Contact: matty_is_a_geek → default-qa
You need to log in
before you can comment on or make changes to this bug.
Description
•