From: Vladimir G. <vga...@ne...> - 2009-12-23 21:56:10
As requested during the last conf call, here is my status:

- Tried again to set up a working environment that uses Eclipse WTP, but could not resolve dependency problems. Will have to use outside-Eclipse WAR deployment, until serendipity strikes...
- Studied TB2 schema, made a pretty reasonable diagram. (Would post it to the wiki, but the wiki does not want anything but pictures.)
- Explored code base, to figure out where to put password hashing (see below).

--Vladimir

* class treebase-core/src/main/java/ org.cipres.treebase.domain.admin.User
  This is the OO representation of the user record from DB. It has methods getPassword() and setPassword(String). The latter is not a good place to hash the password -- when I experimented with altering the password here, the UI responded by claiming that 2 copies of the password I supply during registration were not identical. (?!)

* class treebase-core/src/main/java/ org.cipres.treebase.service.admin.UserServiceImpl
  The method createUser(User) here checks whether there is an object in DB with the same username or the same password and, if not, persists it into DB. I do not think this is a good place for pass hashing, since I do not see any other code here changing contents of User.

* class treebase-core/src/main/java/org.cipres.treebase.web.controllers.RegisterUserController
  This one contains a TODO to implement password encryption. This probably is the place to do password hashing.
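
The placement question discussed in the message above, as an added Java example that is not part of the original message and not TreeBASE code: if the form-backing setter hashes the password, a retyped-password check that compares against the raw second copy can no longer match (assumed here as one possible cause of the reported behaviour), whereas hashing in the controller after validation keeps the check working. FormUser, confirmMatches, the PBKDF2 parameters and the stored-string format are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration; all class and method names here are hypothetical.
public class RegistrationHashingDemo {

    // Salted PBKDF2; returns "iterations:salt:hash" (a constructed storage format).
    static String hash(String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        int iterations = 210_000; // assumed work factor
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, 256);
        byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        Base64.Encoder b64 = Base64.getEncoder();
        return iterations + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(dk);
    }

    // Simplified stand-in for a form-backing user object.
    static class FormUser {
        private final boolean hashInSetter;
        private String password;
        FormUser(boolean hashInSetter) { this.hashInSetter = hashInSetter; }
        void setPassword(String p) throws Exception { password = hashInSetter ? hash(p) : p; }
        String getPassword() { return password; }
    }

    // Assumed validation step: compare the bound password with the retyped copy.
    static boolean confirmMatches(FormUser u, String retyped) {
        return u.getPassword().equals(retyped);
    }

    public static void main(String[] args) throws Exception {
        String typed = "constructed-sample-pass"; // constructed sample input

        FormUser a = new FormUser(true);  // hashing inside setPassword()
        a.setPassword(typed);
        System.out.println("hash in setter, confirm ok: " + confirmMatches(a, typed));

        FormUser b = new FormUser(false); // plain binding, hash only after validation
        b.setPassword(typed);
        boolean ok = confirmMatches(b, typed);
        if (ok) b.setPassword(hash(b.getPassword())); // controller step before persisting
        System.out.println("hash in controller, confirm ok: " + ok);
        System.out.println("value to persist: " + b.getPassword());
    }
}
```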