07-07-2021, 09:21 PM
Hi Stam,
I did not realize that we did not document cdb_forgotUserAccountPassword. We'll get to work on that today.
cdb_forgotUserAccountPassword is useful for cloud data.
It comes with one caveat. Local data will no longer be accessible. This issue is a huge problem if your app relies on local data.
The reason is that we have a unique hash for every user. Thus, if your app runs on a community computer (think front office desk with multiple users logged into their accounts), the unique data each person has access to is protected by a unique hash. Thus, no one can drag records from another account into their DB and expect to access the data.
The problem is exacerbated when you consider data stored on multiple devices. We cannot simply encrypt existing data with the new hash. The other systems will not know the old password to load it into memory to encrypt it with the updated hash.
Canela has come up with a solution that should solve all of the issues presented. The goal is to release an update as soon as possible. The solution is straightforward but nontrivial to implement.
-Mark
I did not realize that we did not document cdb_forgotUserAccountPassword. We'll get to work on that today.
cdb_forgotUserAccountPassword is useful for cloud data.
It comes with one caveat. Local data will no longer be accessible. This issue is a huge problem if your app relies on local data.
The reason is that we have a unique hash for every user. Thus, if your app runs on a community computer (think front office desk with multiple users logged into their accounts), the unique data each person has access to is protected by a unique hash. Thus, no one can drag records from another account into their DB and expect to access the data.
The problem is exacerbated when you consider data stored on multiple devices. We cannot simply encrypt existing data with the new hash. The other systems will not know the old password to load it into memory to encrypt it with the updated hash.
Canela has come up with a solution that should solve all of the issues presented. The goal is to release an update as soon as possible. The solution is straightforward but nontrivial to implement.
-Mark