Tweet
It would be nice if IB would find a way to say "go for it" to Andreas. i.e. Andreas releasing sprints for vb4, instead of releasing on vb.org
-
I buy 420 forums
-
Little off topic guys lol. Anyway so which would be preferable. Andreas, or IPB converter?Comment
-
Translations provided by Google.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 APIComment
-
I've tested the impex modul from andreas and it worked without any problems for the standard content
Not sent from my iPhone and not using any browser attaching any 3rd party advertisement to my postsComment
-
Anyway to make it accept current xf password and force them to change the password?Comment
-
Translations provided by Google.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 APIComment
-
This is technically impossible (without compromising security at least a bit):
vBulletin does not transfer the plaintext password but only it's MD5 hash.
To be able to authenticate against a XF scheme the plaintext password would be required, so if you want this to happen automatically you would have to remove the MD5-Hashing for all logins.
XF can handle different authentication schemes because it does always transfer the plaintext password.
Granted that MD5-Hashes are not that hard to break, it makes it at least a bit more difficult for the occasional "sniffer", if this is removed I personally would at least recommend to use SSL for logins.Comment
-
That's basically what I said before
Reject the first (MD5) authentication attempt with an error and try again with the plaintext password (against the foreign authentication scheme) if the account is flagged - if it succedes update the password, if not produce an error.
Wether that happens visibly or "behind the scenes" are implementation details.Comment
-
... which means that all logins will work without hashing, as you don't know who is going to log in (a "vB account" or a "XF account") before he/she has attempted to log it, the server just sees a guestHowever, if the account isn't already flagged as "correct" through the vB authentication scheme (like it was freshly imported), then you don't need to send out a form which will hash the password at the first attempt.
I don't see any way to avoid two authentication attempts if you don't want give up on hasing at all (unless you want to introduce some "preflight AJAX call" just to check if an account with the entered username does exist and is not yet flagged).
Rejecting the first attempt does not necessarily mean to ask again, the first attempt (and reject) could be handled silently - the user wouldn't even notice the first attempt was jerected.you don't have to reject the first attempt to ask for the password again.
Baut as said before, those would be just implementation details.Last edited by Andreas; Mon 4 Jun '12, 10:25am.Comment
Comment