It has been a while since the last FSyncMS update so here is a new Version.
The main new feature is that its now possible to store the user password as a bcrypt hash and one does no longer depend on MD5 for this.
Thanks to Trellmor for this new feature.
Also it’s recommended to use bcrypt as hashalgorythm from now on, and this is default for new installtions, existing installations wont change algorythm automaticaly.
But changing the algorythm in existing installations is quiet easy.
As always you should remember doing a backup at first.
After that do this simple steps:
- First the DB scheme has to be updated, so that the filed named ‘md5’ can take 124 Characters. If you use mysql this change will be done by the following sql statement
ALTER TABLE `users` CHANGE `md5` `md5` VARCHAR( 124 ) CHARACTER SET latin1 COLLATE latin1_swedish_ci NULL DEFAULT NULL;
- After adapting the DB, you may enable bcrypt by adding
define("BCRYPT", true); define("BCRYPT_ROUNDS", 12);
to your config.php
- As last step you simply have to sync. While the correspoding login, the FSyncMS-Software will replace the Passwordhash in your database with the new version.
Further more, if you’re using sqlite, you may now change the destination or name of the database file in config.php,
by the a statement like this:
In this context I want to remind that the weave_db should never be accessible directly via web, also its data should be encrypted.
So eighter use .htacces or similar technology to deny access to this file via browser, or move it anywhere that is not served via your webserver.