I need to implement custom code-level and database-level changes in my Discourse Rails application to meet my specific requirements.
Update password encryption method. Currently, Discourse uses “PBKDF2” for password encryption.
As per my requirement, I need to switch to “MD5” instead of “PBKDF2”.
I have setup code in my local environment and also, deployed discourse the production environment using Docker.
When I update the local code based on my requirement then I need to redeploy my updated code in the production environment but currently, I have set the production environment discourse official docker file so I need to generate a new docker file how I can create a new docker file and how to access PostgreSQL database discourse application production environment
This appears to be a significant security downgrade. MD5 is unsuitable for password hashing. Not only would this change affect a critical part of Discourse, but you would also need to maintain it for all future releases.
Perhaps we can suggest a better approach if you could explain what you’re trying to achieve.
You want to make your changes in a plugin. If you want to fork Discourse and try to maintain that separately you’ll be very, very, sorry, if history is any indicator.
What problem are you trying to solve with passwords stored as an MD5 hashh? As suggested already, the whole internet seems to agree that MD5 is not encryption and not suitable for storing passwords.
Need help to find a solution. I need to change an encryption method in ROR (Discourse). Currently, I am using MD5 encryption. I made changes in the code level in my local environment. How can I reflect those changes in the live server without the help of Docker?
Currently, the production environment is set up using Docker configuration
You still haven’t said what problem you’re trying to solve. Can you say more about what MD 5 is solving?
You still need to implement whatever changes you make on a plugin. Have you started to learn how plugins work?
But I bet what you really want is to have discourse authenticate against your existing app, in case you just need to implement discourse_connect and discourse won’t need to know about your choices in password storage.