|
Home > Archive > Commerce Server General > July 2004 > URGENT HELP NEEDED - Commerce 2002 One-way hash
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
URGENT HELP NEEDED - Commerce 2002 One-way hash
|
|
| Telmo Brito 2004-07-22, 5:56 pm |
| Hi,
I migrated my UserObject from commerce 2000 to commerce 2002. Everthing went well except for the user passwords. The commerce 2002 user passwords are encrypted using MD5 and the commerce 2000 ones are not. I tried to encrypt the passwords using MD5, but t
he hash generated is not the same as the one CS 2002 generates.
I How can I encrypt the commerce 2000 passwords the same way commerce 2002 encrypts them.
Thank-you,
TB
| |
| Nihit Kaul [MSFT] 2004-07-30, 5:49 pm |
| Hi TB,
Fwding a reply from a Profiles area owner:
"We use a random salt value to generate the hash. We actually document the
way to verify the hash, and by that you can create a correct hash for the
passwords.
If the user population is small, it’s easier to:
1) Rename the existing user password property (e.g. from Password to
Existing_Password)
2) Add a new password property that provides encryption (e.g. named
Password)
3) Use SQL syntax to do a bulk update of the new password property using
the existing user password property
4) Remove the existing user password property and use the new password
property
Saves you from having to do your own MD5 encryption with random salt, etc."
If none of these work - the please explain what technique / code are you
using to convert the passwords to the recommended MD5 format.
Also - please make sure to go through the following section (includes code
sample) in the CS 2002 documentation about one-way hasing: "One-Way
Hashing: Converting and Comparing User Input to the Hashed Value".
Thanks,
Nihit Kaul[MSFT]
Commerce Server
http://blogs.msdn.com/nihitk
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
--------------------
Thread-Topic: URGENT HELP NEEDED - Commerce 2002 One-way hash
thread-index: AcRwImz8PVH3mf7SSte93PuffvsnFA==
X-WBNR-Posting-Host: 81.193.124.143
From: "=?Utf-8?B?VGVsbW8gQnJpdG8=?=" <TelmoBrito@discussions.microsoft.com>
Subject: URGENT HELP NEEDED - Commerce 2002 One-way hash
Date: Thu, 22 Jul 2004 12:31:03 -0700
Lines: 7
Message-ID: <B3D717DE-8B8E-4749-9A44-D09CBC3E16C5@microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.commerceserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.157
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.commerceserver.general:14334
X-Tomcat-NG: microsoft.public.commerceserver.general
Hi,
I migrated my UserObject from commerce 2000 to commerce 2002. Everthing
went well except for the user passwords. The commerce 2002 user passwords
are encrypted using MD5 and the commerce 2000 ones are not. I tried to
encrypt the passwords using MD5, but the hash generated is not the same as
the one CS 2002 generates.
I How can I encrypt the commerce 2000 passwords the same way commerce 2002
encrypts them.
Thank-you,
TB
| |
| Telmo Brito 2004-07-31, 5:48 pm |
| Hi Nihit,
Thanks for your reply. I actually was able to solve the user password encryption problem. What I did was seeing I had the user password of commerce 2000, not encrypted, I created another column in the userobject, i.e u_password. I then Updated the user_se
curity_password with the MD5 has using the commerce 2002 classes(profile.update()).
I accessed each user profile then updated the field(user_security_password) using the password I had from the previous version of commerce. Worked like a charm. Now each password is encrypted.
Thanks,
TB
"Nihit Kaul [MSFT]" wrote:
> Hi TB,
>
> Fwding a reply from a Profiles area owner:
> "We use a random salt value to generate the hash. We actually document the
> way to verify the hash, and by that you can create a correct hash for the
> passwords.
>
> If the user population is small, it’s easier to:
> 1) Rename the existing user password property (e.g. from Password to
> Existing_Password)
> 2) Add a new password property that provides encryption (e.g. named
> Password)
> 3) Use SQL syntax to do a bulk update of the new password property using
> the existing user password property
> 4) Remove the existing user password property and use the new password
> property
>
> Saves you from having to do your own MD5 encryption with random salt, etc."
>
> If none of these work - the please explain what technique / code are you
> using to convert the passwords to the recommended MD5 format.
>
> Also - please make sure to go through the following section (includes code
> sample) in the CS 2002 documentation about one-way hasing: "One-Way
> Hashing: Converting and Comparing User Input to the Hashed Value".
>
> Thanks,
>
> Nihit Kaul[MSFT]
> Commerce Server
> http://blogs.msdn.com/nihitk
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> --------------------
> Thread-Topic: URGENT HELP NEEDED - Commerce 2002 One-way hash
> thread-index: AcRwImz8PVH3mf7SSte93PuffvsnFA==
> X-WBNR-Posting-Host: 81.193.124.143
> From: "=?Utf-8?B?VGVsbW8gQnJpdG8=?=" <TelmoBrito@discussions.microsoft.com>
> Subject: URGENT HELP NEEDED - Commerce 2002 One-way hash
> Date: Thu, 22 Jul 2004 12:31:03 -0700
> Lines: 7
> Message-ID: <B3D717DE-8B8E-4749-9A44-D09CBC3E16C5@microsoft.com>
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="Utf-8"
> Content-Transfer-Encoding: 7bit
> X-Newsreader: Microsoft CDO for Windows 2000
> Content-Class: urn:content-classes:message
> Importance: normal
> Priority: normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> Newsgroups: microsoft.public.commerceserver.general
> NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.157
> Path: cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> Xref: cpmsftngxa06.phx.gbl microsoft.public.commerceserver.general:14334
> X-Tomcat-NG: microsoft.public.commerceserver.general
>
> Hi,
> I migrated my UserObject from commerce 2000 to commerce 2002. Everthing
> went well except for the user passwords. The commerce 2002 user passwords
> are encrypted using MD5 and the commerce 2000 ones are not. I tried to
> encrypt the passwords using MD5, but the hash generated is not the same as
> the one CS 2002 generates.
>
> I How can I encrypt the commerce 2000 passwords the same way commerce 2002
> encrypts them.
>
> Thank-you,
> TB
>
|
|
|
|
|