Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Adding a site give a "Password Retrieval is not enabled" errorAdding a site give a "Password Retrieval is not enabled" error
Previous
 
Next
New Post
4/2/2013 11:06 AM
 
Roland W


Joined: 2/25/2013
Posts: 159

I've installed DNN7.0.3 and now have the "awesome cycles" demos site up and running, but when I try to add a new site, I get a "password Retrieval is not enabled" error message.

Yes I disabled pasword retrieval and set the password format to 'hashed', so password retrieval is indeed disabled. Sending a password via plain text e-mail is an absolute no-no. When I saw DNN mailed my password, I immediately changed my password, only to find that DNN also mailed my new password. So step 1 was to get DNN to stop mailing passwords and I soon found out the passwordt are stored encrypted (and thus can be decrypted) in it's database. Luckily it can be configured in the webconfig to store password hashed, which also implies passwords can not be retrieved.

Step 2 would be to create a new, blank site. But unfortunately this is (now?) blocked with a "Password Retrieval is not enabled" error. I have no idea why this would block the creation of a site. Especially because I left the option "Use Current User as Administrator" checked. Is this a bug or is there a reason for this error?
 
New Post
4/2/2013 11:33 AM
 
Roland W


Joined: 2/25/2013
Posts: 159
I've found a workaround: in the webconfig, set passwordFormat to "Encrypted" and enablePasswordRetrieval to "true" and you can create new sites. Only setting enablePasswordRetrieval is not enough (and would be a silly setup as hashed passwords can not be retrieved)
You do not have to change any passwords.

After this I can reenable hashed password.

No passwords are mailed or changed during this process, I have no idea why password retrieval needed to be enabled. I guess the error is a bug, as there seems to be no need to have password retrieval enabled, other than avoiding the error message.
 
New Post
4/2/2013 1:14 PM
 
April Spence


devcentral.f5.com
Joined: 11/4/2005
Posts: 562
Roland,
It does sound like a bug. I you have time, please log this in Gemini.

Also, FWIW - I completely agree with you on hashed passwords and that systems should never, ever, EVER email passwords in plain text. Just so you know, core password recovery has the same vulnerability. You can however replace password recovery with password reset (sending a timed token to the email on record) using this freebie from Mitch Sellers:

http://www.iowacomputergurus.com/prod...



Steven Webster
Manager, Community Platform
F5 Networks, DevCentral
 
 Page 1 of 1
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Adding a site give a "Password Retrieval is not enabled" errorAdding a site give a "Password Retrieval is not enabled" error


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out