[OFBiz] Users - RE: Users Digest, Vol 15, Issue 22

> Hi all,
> I have built an application using the Ofbiz framework and has made
> full use of the Security system..I am using the framework provided
> login and logout services
> In my application there is a customer side and an admin side....
> I have provided the customer with a feature to change password after
> logging in. In that case I find that though the new password is
> updated in the Userlogin entity its not effecting the
> application...Whil;e trying to log in with his new password the
> customer is getting error of Incorrecvt password. But he is able to
> log in with his old password. The strangest thing is that the
> Userlogin entity has the new password and not the old one......is the
> password also stored some where else....I have not used any
> encryption....
> there are more strange observations .......
> When the admin tries to change the customers password the change is
> effected if the user is not logged in at that moment...Even if he is
> logged in he the UserLo0gin entity gets updated with new password but
> it does not effect the customer's security settings. I mean later when
> the customer tries to log in with his new password he fails but is
> allowed the same with his old password.....
> But when an admin changes the password of a customer who in not logged
> in the change effects his security settings...The behaviour is as
> expected...He can log in with his new password and not the old......
> If I provide the customer with a feature that he canchange his
> password without logging in( where he has to provide his userloginId
> also) the behaviousr is as expected.....He can log in with his new
> password and not his old one......
>
> FYI I am using a minilang(simple) service to change the password and
> update the UserLogin entity....It uses the "store" tag of minilang
>
> Can someone please explain this wierd behaviour and its remedy.....any
> suggerstion will be of gr8 help and I shall be highly obliged
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>

> Hi guys,
> I   want to know more about the security implementation of OFBiz including
>  user creation. Can someone please  point me to any documentation?
>
> Thanks
>
>
> Anil
> Eagle Creek Software Services
> [hidden email] 303-520-0646
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]]
> On Behalf Of [hidden email]
> Sent: Tuesday, October 18, 2005 10:00 AM
> To: [hidden email]
> Subject: Users Digest, Vol 15, Issue 22
>
>
> Send Users mailing list submissions to
> [hidden email]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.ofbiz.org/mailman/listinfo/users
> or, via email, send a message with subject or body 'help' to
> [hidden email]
>
> You can reach the person managing the list at
> [hidden email]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Users digest..."
>
>
> Today's Topics:
>
>
> 1. Re: Re: Users - BUG IN CHANGING PASSWORD (STRANGE
> OBSERVATION) (Andrew Sykes)
> 2. RE: Ofbiz hardware requirements (Daniel Kunkel)
> 3. Re: BUG IN CHANGING PASSWORD (STRANGE OBSERVATION)
> (David E. Jones)
>
>
>
> ----------------------------------------------------------------------
>
>
> Message: 1
> Date: Tue, 18 Oct 2005 15:48:18 +0100
> From: Andrew Sykes <[hidden email]>
> Subject: Re: [OFBiz] Users - Re: Users - BUG IN CHANGING PASSWORD
> (STRANGE OBSERVATION)
> To: OFBiz Users / Usage Discussion <[hidden email]>
> Message-ID: <1129646898.3823.24.camel@localhost>
> Content-Type: text/plain
>
>
> Souvik,
>
>
> Could it be that you are mistakenly creating a new record rather than
> doing the update you think you are?
>
> Kind Regards
> --
> Andrew Sykes <[hidden email]>
> Sykes Development Ltd
>
>
>
>
> ------------------------------
>
>
> Message: 2
> Date: Tue, 18 Oct 2005 08:11:33 -0700
> From: Daniel Kunkel <[hidden email]>
> Subject: RE: [OFBiz] Users - Ofbiz hardware requirements
> To: OFBiz Users / Usage Discussion <[hidden email]>
> Message-ID: <[hidden email]>
> Content-Type: text/plain
>
>
> Hi
>
>
>> In your vocabulary, does "Virtual Private Servers" count as "shared
>> hosting"/"virtual machine hosting"?
>
> Yes, they are the same.
>
>
>> Is there anything similar to Contegix in the EU?
>>
>
> Not that I am aware of, but David is the better person to ask.
>
>
> Good Luck
>
>
> Daniel
>
>
>
>
>
>
> ------------------------------
>
>
> Message: 3
> Date: Tue, 18 Oct 2005 09:28:49 -0600
> From: "David E. Jones" <[hidden email]>
> Subject: Re: [OFBiz] Users - BUG IN CHANGING PASSWORD (STRANGE
> OBSERVATION)
> To: OFBiz Users / Usage Discussion <[hidden email]>
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
>
>
> Based on this I couldn't really say what is going wrong. If you are
> using an older version of OFBiz you might be running into a cache problem,
> but I'm not aware of anything like this that is an outstanding issue right
> now.
>
> If you can reproduce the problem in the current code base let me know
> what you did to make it happen and I'll look into it...
>
> -David
>
>
>
> On Oct 18, 2005, at 6:53 AM, Souvik Saha Bhowmik wrote:
>
>
>> Hi all,
>> I have built an application using the Ofbiz framework and has made
>> full use of the Security system..I am using the framework provided login
>> and logout services In my application there is a customer side and an
>> admin side.... I have provided the customer with a feature to change
>> password after logging in. In that case I find that though the new
>> password is updated in the Userlogin entity its not effecting the
>> application...Whil;e trying to log in with his new password the customer
>> is getting error of Incorrecvt password. But he is able to log in with
>> his old password. The strangest thing is that the Userlogin entity has
>> the new password and not the old one......is the password also stored
>> some where else....I have not used any encryption.... there are more
>> strange observations ....... When the admin tries to change the
>> customers password the change is effected if the user is not logged in
>> at that moment...Even if he is logged in he the UserLo0gin entity gets
>> updated with new password but it does not effect the customer's security
>> settings. I mean later when the customer tries to log in with his new
>> password he fails but is allowed the same with his old password..... But
>> when an admin changes the password of a customer who in not logged in
>> the change effects his security settings...The behaviour is as
>> expected...He can log in with his new password and not the old...... If
>> I provide the customer with a feature that he canchange his
>> password without logging in( where he has to provide his userloginId
>> also) the behaviousr is as expected.....He can log in with his new
>> password and not his old one......
>>
>> FYI I am using a minilang(simple) service to change the password and
>> update the UserLogin entity....It uses the "store" tag of minilang
>>
>> Can someone please explain this wierd behaviour and its remedy.....any
>> suggerstion will be of gr8 help and I shall be highly obliged
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/users
>>
>>
>
>
>
> ------------------------------
>
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
>
> End of Users Digest, Vol 15, Issue 22
> *************************************
>
>
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
>
>