IMPORTANT

Revision 120, 1.7 kB (checked in by eadiaz, 3 years ago)
Instructions about promoted flag

Line
1	IMPORTANT INFORMATION
2
3	RELEASE 0.4.4.120
4
5	NEW PROMOTED FLAGE
6
7	The posts table now uses a new field 'promoted' to indicate that a meme is promoted out from the new memes queue.
8
9	For compatibility you must execute the following query:
10
11	update posts set promoted = 1 where votes >= 7;
12
13
14	where 7 is the standard promote threshold. You can change this value according your own implementation.
15
16	PROBLEMS WITH AES
17
18	The last release didn't handle the AES security in proper way.
19	The problem was fixed, we suggest to use your backups for a new password generation.
20
21	You can regenerate the passwords this way:
22
23	update users set password = aes_decode(strong_pass, md5(join_date));
24
25	then with your global key, you must do:
26
27	update users set strong_pass = aes_encode(pass, md5(join_date)\|\|'your secret key'));
28
29	Read the notes on release 0.4.4.100 or visit the trac site for more details.
30
31	http://trac.blogmemes.com/
32
33	RELEASE 0.4.4.100
34
35
36	UPGRADING DATABASE FOR BETTER SECURITY
37
38	With release 0.4.4.100 we have changed the password storage.
39
40	A new configuration parameter is in config.php
41
42	define('AES_KEY', '<put your secure key here>');/// AES site key for password storage
43
44	this parameter is used in users.php for registration and login.
45
46	With this, we abandon the MD5 passwords, and we store them in a more secure mode using AES.
47
48	If you have a working database and want to upgrade to release 0.4.4.100 you must execute this
49	script in mysql:
50
51
52	alter table users add strong_pass blob;
53	update users set strong_pass = aes_encrypt(password, md5(join_date \|\| YOUR_AES_KEY));
54
55	after a while you can drop password from the table.
56
57	Remember to do a backup of your database!!.
58
59

Note: See TracBrowser for help on using the browser.

Download in other formats:

Original Format