[ FSyncMS ] Version 0.13 – Database upgrade

It has been a while since the last FSyncMS update, so here is a new version.
The main new feature is that it is now possible to store the user password as a bcrypt hash, so one no longer depends on MD5 for this.
Thanks to Trellmor for this new feature.

From now on it is also recommended to use bcrypt as the hash algorithm. This is the default for new installations; existing installations will not change algorithm automatically.

But changing the algorithm in existing installations is quite easy.
As always, you should remember to make a backup first.
After that, follow these simple steps:

  1. First the DB schema has to be updated so that the field named ‘md5’ can hold 124 characters. If you use MySQL, this change is made by the following SQL statement:
    ALTER TABLE `users` CHANGE `md5` `md5` VARCHAR( 124 ) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;

  2. After adapting the DB, you may enable bcrypt by adding
    define("BCRYPT", true); 
    define("BCRYPT_ROUNDS", 12);

    to your config.php

  3. As the last step you simply have to sync. During the corresponding login, the FSyncMS software will replace the password hash in your database with the new version.
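
Step 3 relies on the login being the one moment the server sees the plaintext password, which is when a stored hash can be replaced. The sketch below is an added example and not FSyncMS's own code: the function name `verify_and_upgrade` is hypothetical, it uses PHP's built-in password hashing functions, and it assumes the legacy value in the `md5` column is an unsalted hex MD5 digest of the password.

```php
<?php
// Added example, not FSyncMS code. Assumption: the legacy value in the
// `md5` column is an unsalted hex MD5 digest of the password.
define("BCRYPT", true);        // same switches as in step 2
define("BCRYPT_ROUNDS", 12);

// Returns [bool $ok, ?string $newHash]. $newHash is non-null when the
// caller should write it back to the database in place of $stored.
function verify_and_upgrade(string $password, string $stored): array
{
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);

    if ($isLegacyMd5) {
        // Constant-time comparison against the legacy digest.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }
    if (!$ok) {
        return [false, null];
    }

    $options = ['cost' => BCRYPT_ROUNDS];
    if (BCRYPT && ($isLegacyMd5
            || password_needs_rehash($stored, PASSWORD_BCRYPT, $options))) {
        // Upgrade MD5 rows, and bcrypt rows hashed with a different cost.
        return [true, password_hash($password, PASSWORD_BCRYPT, $options)];
    }
    return [true, null];
}

// Constructed sample data: a legacy account logs in twice.
$stored = md5('correct horse');                    // value before the upgrade
[$ok, $new] = verify_and_upgrade('correct horse', $stored);
var_dump($ok, strlen($new));                       // login result, new hash length

[$ok2, $new2] = verify_and_upgrade('correct horse', $new);
var_dump($ok2, $new2);                             // second login: nothing to rewrite

[$ok3] = verify_and_upgrade('wrong password', $new);
var_dump($ok3);                                    // wrong password is rejected
```

Accounts that never log in again keep their old hash under this scheme, so after the switch it is worth checking the column for values that are still 32 hex characters long.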

Furthermore, if you’re using SQLite, you may now change the location or name of the database file in config.php
with a statement like this:

define("SQLITE_FILE", "weave_db");

In this context I want to remind you that weave_db should never be directly accessible via the web, and its data should be encrypted.
So either use .htaccess or a similar technology to deny access to this file via the browser, or move it somewhere that is not served by your webserver.

Download newest Version


6 Responses to [ FSyncMS ] Version 0.13 – Database upgrade

  1. S0M30N3 says:

    > After adapting the DB, you may enable bcrypt by adding [...] to your config.php

    must be settings.php

  2. Thomas says:

    SQLite only supports a subset of ALTER TABLE.

    This sequence should work:

    $ cp -av weave_db weave_db.orig
    $ sqlite3 weave_db
    sqlite> begin transaction;
    sqlite> create temporary table users_backup(username varchar(255), md5 varchar(64), primary key (username));
    sqlite> insert into users_backup select username, md5 from users;
    sqlite> drop table users;
    sqlite> create table users (username varchar(255), md5 varchar(124), primary key (username));
    sqlite> insert into users select username, md5 from users_backup;
    sqlite> drop table users_backup;
    sqlite> commit;

  3. Thomas says:

    Oh, and it seems one has to specify

    define("SQLITE_FILE", "weave_db");

    or similar – this is not optional, it will try to access a file named ‘SQLITE_FILE’ otherwise, and fail.

  4. mario says:

    hi,

    there are workarounds on GitHub for the username/password problem; is there something for nginx as well? I always used Apache before, but now it's nginx, and I have the same problem with the sync server as described on GitHub.

    and as always, thanks for the great work

    • admin says:

      Well, first of all there is no username/password problem at all, just people who have very, very strange configs.
      What the .htaccess you are talking about does is put the username/password into the variables where they live by default.

      Under nginx it is clear that .htaccess does not work!

      But it doesn't actually have to,
      I use nginx myself and it sets the environment for the PHP scripts completely correctly on its own.
      If I were you, I would first check whether the problem at hand really is due to the transmission of username/password, or perhaps rather due to problems with the DB or something similar.
