[support] Password stored in DB
Warren Vail
warren at vailtech.net
Tue May 31 05:45:18 UTC 2011
The password is encrypted via MD5, to prevent the actual characters from
ever being stored anywhere (a real serious security risk). When a user logs
on he supplies the correct character, and it gets hashed with MD5 and will
produce the same hash value. If this compares to the prior hash value, the
correct password was supplied.
Check out the user hook
http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_us
er/6
If you look at the form values you may be able to see the raw value as long
as javascript isn't used to perform the MD5 hashing, which I'll bet it is,
and this means only the MD5 encryption travels between the form and the
server (the most secure solution possible).
I'd recommend you try to find a way to get the service to use the MD5
encrypted value.
Warren Vail
Vail Systems Technology
warren at vailtech.net
(510) 444-5380
-----Original Message-----
From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On
Behalf Of Salvatore De Paolis
Sent: Saturday, May 28, 2011 4:48 AM
To: support at drupal.org
Subject: [support] Password stored in DB
Hi,
I'd like to know if it's possible to store passwords in plain text with
Drupal. I see it's probably md5 hashed.
I'd need them in plain text because I have an action which register the
user to another service on the server once the user is registered, but
since the password is hashed it doesn't work.
Any hints?
regards,
Sal
--
[ Drupal support list | http://lists.drupal.org/ ]
More information about the support
mailing list