Querying Wild Apricot for Contact's passwords?
Is it possible to query Wild Apricot for a Contact's password? I need to keep an external CMS synced with the users that are in Wild Apricot that have memberships and thus would like it if the passwords can be kept in sync with Wild Apricot.
Evan Donovan
shared this idea
No, it is not possible – we do not keep passwords. And no one usually does, it is not secure.
Instead, check out Single Sign On feature – https://help.wildapricot.com/display/DOC/Single%20sign-on%20service#Singlesign-onservice-Singlesign-onservice
-
As I said, we do not store password - we store hashed version of password. There is no way to reverse this version into original one.
-
Evan Donovan
commented
When you say that you do not keep passwords surely you must be storing them in the database somewhere?
Is it really insecure to send them via an HTTP POST, if you are using HTTPS? I would think that would be adequately secure.
I did look at the single sign-on feature, but it is more complex to implement than it would be for us to have a way simply to synchronize our external database with the Wild Apricot database. For one thing, we have many legacy users that are going to be logging in to the site still once we switch over to Wild Apricot. We would prefer if their authentication could remain as it is, rather than having to reset all their passwords to what the new passwords would be. (We don't know what their existing passwords are because they are hashed.)
