Liferay passwords can not be retrieved from the database. By default liferay uses MD5 hashes for password encryption. MD5 hashes are designed to be non reversible. When you call the method onthe user object as user.getPassword(), it wsill retrieve the encrypted password.
You can change this feature and store the plain password with out encryption by setting the property in the portal-ext.properties as passwords.encryption.algorithm=NONE.
This will store your password in plain text. This means your db admin would be able to see all including admin's password. Also, be aware that you have to set this before you first server start up. Because changing password encryption may result in not being able to login.
When the first time the user is registered the user will get the email notification with password. This is achieved as the the email is sent in the same session as the user registration. The password is stored in the SessionMessages and retrieved from there (rather than the database) while sending the email.
You can change this feature and store the plain password with out encryption by setting the property in the portal-ext.properties as passwords.encryption.algorithm=NONE.
This will store your password in plain text. This means your db admin would be able to see all including admin's password. Also, be aware that you have to set this before you first server start up. Because changing password encryption may result in not being able to login.
When the first time the user is registered the user will get the email notification with password. This is achieved as the the email is sent in the same session as the user registration. The password is stored in the SessionMessages and retrieved from there (rather than the database) while sending the email.
Then how does the forgot password work in
ReplyDeleteliferay
Liferay never retrieves the password when you request for "forgot password", rather it will create a new one and send it across.
ReplyDelete