Got it dear. Thanks a lot Mr. Melo & Mr. Helix

 

Thanks & Regards

 

From: ivan.masar@gmail.com [mailto:ivan.masar@gmail.com] On Behalf Of helix84
Sent: Thursday, November 01, 2012 4:37 PM
To: Umair Kayani
Cc: João Melo; dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] Application Security details of dspace 1.8.2

 

On Thu, Nov 1, 2012 at 12:15 PM, Umair Kayani <ukayani@niftetrust.com> wrote:

> Actually we surely implement SSL but we also want our password be saved in hashed form using SHA variants or some other algorithm whatever we like to use rather than using dspace default hashing algorithm.

 

Why didn't you just say so? :) As you can see, thanks to this patch it's much easier to use "upgrade" the hashing method if you want.

 

On Thu, Nov 1, 2012 at 12:28 PM, Umair Kayani <ukayani@niftetrust.com> wrote:

Well thanks let me try this one also but the source that I got doesn’t have this passwordhash.java code file. Is this hash code file from DSpace 3 sources or from same 1.8.2. I think I downloaded 1.8.2 version of dspace 1 week back but I can’t find this file there. What does this website do is this for those people who fixes the bugs or mods, secondly is it safe enough to use code files uploaded here.

 

The DSpace/DSpace repository on GitHub is now the official place where we keep the source code, so yes, it is safe.

 

You're right, João pointed you to the master branch, which will become DSpace 3.0 soon (this month). I recommend you to work with this branch because of that hashing+salting patch which was not available in 1.8. I'm sure that before you have your changes ready, there will be a release, so you could start with 3.0.

If you still prefer to work with 1.8.2, I strongly recommend you to apply the patch (the link I sent you).


Regards,
~~helix84