About every other time I try to access the Lucee downloads page, it results in a Lucee error key [status_code] doesn't exist. It actually took me a few minutes to get to the downloads page this time. Below is a screenshot.
As for the fact that this page is a little – unpolished… we do apologize for that. This page was originally just an internal proof of concept that managed to make its way into general use. As such, it didn’t receive the typical error checking or UI finalizations it deserves. We’ll review internally what needs to happen to tidy it up a bit more.
When you select a new password, it checks to see if the password you put in
is the same. This may be done with hashing, but it still is strange thing
to be told, “This password is already being used”. It just seems odd and
raises my security eyebrow a bit.
Can you elaborate on your comment about passwords? I don’t see any
mentions of passwords by the OP or the error message. Is there another
thread about this?
@Lance_Lake Where are you seeing this message? Are you referring to the Discourse forum, a local Lucee Server installation, or the actual Lucee download site?
If you’re referring to the download site (the original topic of this post), I’m quite confused since it is a public site that isn’t secured so there should be no logging in on your part.
If you’re referring to the Discourse forum, they use strong password hashing which you can read about here:
If you’re referring to the Lucee server itself, we use a strong, iterated hash as well. No plain text, or reversible encryption is used. Checking for a used password is as easy as hashing the plaintext and comparing the hashes. That’s exactly what happens when you log in! Disallowing a password change to the same password is a logical thing to do.
Thanks for the help everyone! I’ve marked this question as answered since the fix makes sense and you explained it all very well. It may just be me, but the download page seems much more responsive as well now.