How to reset your password, no matter what

  February 27, 2009

The "Lost Password" Function

If you lose your password in Code Collaborator, just go to the "Login" page and click "Lost my password." The password will be reset to something bizarre and random and will be emailed to the address associated with your account.



What if my email address isn't set?

Of course if your email address isn't set, you can't get your password emailed to you. In this case, the next step is to contact your system administrator. The administrator is allowed to go into your user record and change your password to anything else.

Don't forget to apologize profusely for your imposition on the blessed administrator. They love that sort of thing.

What if I am the only system administrator?

You'll need to edit a row in the database. No, there's no way to do it without going into the database -- if there were, regular users would be able to reset administrators' passwords!

When you use MySQL, SQL Server, or Oracle as the database back-end for Code Collaborator, it's easy to

go in and poke around.p We even document how the tables work!p The table you want is called either "user" or "collabuser" depending on your database (sometimes "user" is a reserved word).

Inside the user table you'll find a row with your name in it. If you're the "one true root" system administrator, your will be the first entry (ordered by primary key ID).

The "user_password" column is what you'll need to change. Passwords are stored as a super-secret MD5 hash. The only not-super-secret hash is the password for the empty password, which is "d41d8cd98f00b204e9800998ecf8427e". That's what you need to set your password to.

Most databases come with easy-to-use tools for updating tables.p If you must run a query, this one will work:

UPDATE collabuser SET user_password='d41d8cd98f00b204e9800998ecf8427e' WHERE user_login='YourCollabLogin'

(FYI: No, it's not a security problem that empty passwords are stored with a known MD5 sum. Why? Because a hacker would just need to try your login without a password and she would get in.p If it's that easy to log in, you've got bigger security problems than a hacker who has access to your entire database!)

What if I'm using the in-memory embedded database, like during a trial?

I said "during a trial," because we don't officially support running Code Collaborator on the embedded database after the trial is finished, right? Because it doesn't scale. If you're still on it, migrate to a real database.

Anyway... assuming you're still on that embedded database legitimately, you've got another problem -- you can't connect to an in-memory database to reset the password!

So here's what you do:

    1. Stop the running Code Collaborator server

    1. Go into the installation directory, then into the "tomcat" directory.

    1. Find the file called "database.log"p If you can't, find "database.script".

    1. Edit that file with a text editor.p You will find SQL statements.

    1. Append these lines to that file to update the admin record:



INSERT INTO USER VALUES(1,'d41d8cd98f00b204e9800998ecf8427e','Administrator','','','','3eceb8902115c31c865902635d36749b','2009-02-10 11:07:22.000000000','2009-02-10 11:07:22.000000000','1990-01-01 00:00:00.000000000','Y','Y','Y','admin')


You can now restart Code Collaborator.