Have you ever had one of those moments where you’ve just completed importing 1.7 million user records from flat files into an normalized set of ATG Personalization tables, plus some custom tables, and you only then realize that the passwords from the old system, while in the compatible md5sum format, are all UPPERCASE, while ATG uses all lowercase hashes?
It’s not a great moment.
Initially I was stuck in an ATG specific mind-set. I figured the two possible solutions were as follows:
- Use the already sub-classed ProfileFormHandler to override the out of the box password comparison and do an uppercase on the hash value before checking it against the database. Also update the create and update related methods as well to uppercase the hash.
- Drop the 1.7 million records. Update the importer tool to lowercase the incoming md5 hash before persisting it.
The issue with option 1 is that it means overriding the perfectly good out of the box behavior of ATG Profiles for the life of the application due to a set of awkward initial data. I’m happy to override ATG behavior when I should, but this just felt wrong.
The issue with option 2 is that it would take approx 2-3 days. The import process was slow and had to be done in small chunks for reasons I won’t get into now.
It wasn’t until after sleeping on it that I realized I had put myself into the ATG box unnecessarily. Let’s just fix the data in situ. I didn’t know much PL/SQL but some Googling (I love how that’s a common verb now, btw) led me to write up this:
declare i number := 0; begin for r in (select id from dps_user) loop update dps_user set password = lower(password) where id = r.id; i := i+1; if mod(i, 10000) = 0 THEN -- Commit every 10000 records COMMIT; end if; end loop; commit; end;
I’m no Oracle DBA, but it works!
Essentially it loops through every row in the dps_user table, and replaces the password with an all-lowercase version of itself. Every 10,000 records it does a commit as the full 1.7 million records would overwhelm the undo tablespace.