User password encryption algorithm changed

For improved security, for Studio user passwords, we have changed the security algorithm from SHA-1 to SHA-256.

If you have any users stored in the Studio database, then those passwords will need to be reset.

For databases other than Hypersonic, run a SQL script against the Studio database to reset the password of at least one administrative user. For example:

update User_
set PASSWORD_ = 'admin456', PASSWORDENCRYPTED = 0, PASSWORDRESET = 1 
where SCREENNAME = 'admin';

The script resets the password to a plain text string, and forces it to be changed on first login.

For a Hypersonic database, you must manually edit the entry in the database user file to:

Change the password
Indicate that the current password is not encrypted
Indicate that the password needs to be reset

When the user logs in and changes the password, it is then encrypted using the new algorithm.

You can use the same process to reset additional users, or, if there are only a few users, the administrator can reset the passwords directly from the Users page on the Control Panel.