Bug #2444 (closed)
User passwords are stored in clear text in the database
Description
Users' passwords stored in the usr.password table/column are stored in clear text. This allows a system administrator to view any user's password. These should be encrypted so that no one can ever see another person's password.
Updated by Michael Lee over 18 years ago
I don't know how to do this. I have snooped around the postgresql site to try and figure it out. It seems we need the "pgcrypto" add-on package, which is part of the core distribution according to http://www.postgresql.org/download/
I have not been able to use the crypto and gen_salt('MD5') functions, however.
Example functions are here:
http://www.varlena.com/varlena/GeneralBits/38.php
and apparently we can install the package with a "make" command, then load the functions into template1 or vegbank and it should work. We will have to configure our authentication to deal with the encrypted values in the db instead of just seeing if the value supplied on the login form matches the value in the database.
Updated by Chad Berkley over 18 years ago
I've altered the password system so that it now accepts and stores MD5 digests instead of clear text passwords. I've altered the login and password change functionalities to use the new system. I just need to alter the 'email me my password' function since we no longer know the user's password. This functionality will have to be changed to email the user a temp password, then have them login and change it. This is much more secure than emailing them their own password anyway.
Updated by Chad Berkley over 18 years ago
The email password function now works. It creates a random password and emails that to the user, asking him/her to change it ASAP. The message now reads:
Dear VegBank user,
Your password has been reset to: 462804340
Please login as soon as possible and change your password.
VegBank Support Team
Email: help@vegbank.org
Website: http://vegbank.org
I've thoroughly tested this and think it's working well. I also wrote a utility to update all of the current clear text passwords with the MD5 digests.
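The three pieces this ticket ends up with (store a digest instead of the password, check logins against the digest, reset via a random temporary password and migrate existing clear-text rows) fit in one small module. The following is an added example written for this page; it is not VegBank's code and does not use the pgcrypto functions discussed above. It deliberately swaps the unsalted MD5 digest from the comments for a per-user random salt with PBKDF2-HMAC-SHA256, since a plain MD5 of a password can be matched against precomputed tables. The in-memory `users` dict standing in for the usr table, the record layout (`salt`, `digest`) and the iteration count are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

# Assumed work factor for PBKDF2; raise it as hardware allows.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn unless one is supplied
    (a supplied salt is only used when re-deriving a digest for verification)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive the digest from the candidate password and compare in constant time,
    so the comparison itself leaks nothing about how many bytes matched."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def generate_temp_password(length: int = 12) -> str:
    """Random temporary password for the 'email me my password' flow.
    Uses the OS CSPRNG via `secrets`, not a general-purpose random number."""
    # Alphabet omits easily confused characters (0/O, 1/l/I) since the user retypes it.
    alphabet = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def migrate_clear_text(users: Dict[str, dict]) -> Dict[str, dict]:
    """One-off migration: replace each clear-text `password` value with a
    (salt, digest) pair and drop the clear-text column from the record."""
    migrated = {}
    for username, row in users.items():
        salt, digest = hash_password(row["password"])
        migrated[username] = {"salt": salt, "digest": digest}
    return migrated


def login(users: Dict[str, dict], username: str, password: str) -> bool:
    """Login check against the stored digest; unknown users fail without raising."""
    row = users.get(username)
    if row is None:
        return False
    return verify_password(password, row["salt"], row["digest"])


def reset_password(users: Dict[str, dict], username: str) -> str:
    """Generate a temporary password, store only its digest, and return the
    clear-text value once so it can be sent to the user."""
    temp = generate_temp_password()
    users[username]["salt"], users[username]["digest"] = hash_password(temp)
    return temp


if __name__ == "__main__":
    # Constructed sample data standing in for the usr table.
    table = migrate_clear_text({"alice": {"password": "hunter2"}})
    print("old password accepted:", login(table, "alice", "hunter2"))
    temp = reset_password(table, "alice")
    print("temporary password accepted:", login(table, "alice", temp))
    print("old password after reset:", login(table, "alice", "hunter2"))
```

After the migration the record holds only `salt` and `digest`, so the reset flow can no longer email an existing password, which is exactly the behaviour the second comment describes; the temporary password exists in clear text only in the return value of `reset_password` for the duration of sending the mail.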