Re: [Jamwiki-devel] Passwords with salts [was: Question about code fragment]
Brought to you by:
wrh2
Menu
▾
▴
Re: [Jamwiki-devel] Passwords with salts [was: Question about code fragment]
|
From: Ryan H. <rya...@gm...> - 2013-03-18 04:25:46
|
On 3/16/2013 4:46 PM, Peter Palmreuther wrote: > So it would be nice if someone could apply this patch to a local > export of the sources and test if every thing works well; for me it > does. Maybe someone can even test if an already existing installation > still works ... After the necessary small upgrade. I haven't tried running your code yet, but reading through the patch and approach it makes sense and looks fairly elegant. I can add the code to automatically detect an upgrade and increase the password field size in the database if you'd like - I'm looking into possibly using Flyway for schema management in 2.0, but until that happens a schema change is a simple matter of modifying UpgradeServlet and DatabaseUpgrades. With respect to the specific issue that I thought required Java 6, looking at http://jira.jamwiki.org/browse/JAMWIKI-36 I think that may have been related to the Jasypt library that is mentioned in the comments, but I don't recall specifically - I have vivid memories of working on this issue in the basement of the LA Cathedral while my girlfriend rehearsed for a Christmas concert, but I probably should have written down some notes as well :) I'll get your changes running locally in the next couple of days and let you know if I encounter any problems. If you'd like to commit it to a branch please go ahead. Thanks for working on this - it will be a nice security improvement that I know several people have wanted. Ryan |
