+0
On 2010 8 10 19:34, "Caleb James DeLisle" <calebdelisle(a)lavabit.com> wrote:
Because protectPassword generates a base-64 encoded java serialized form, the size is quite a bit larger than the 255 character limit of StringProperty and thus PasswordProperty.

The use of java serialization is central to the upgradability of the password verification function because any new class which implements PasswordVerificationFunction automatically works.

Given this, I want to migrate the database to move password hashes into the xwikilargestrings table and change PasswordProperty to extend LargeStringProperty. During this migration, any passwords still stored in plaintext will be ported to the scrypt function; passwords stored as a hash will have an exclamation mark prepended to the text (this is invalid base64) and be inserted into the table as is.

PasswordClass will keep the sha-512 hash function for legacy passwords but will port passwords to the new format as users log in.

These changes will allow us to close
http://jira.xwiki.org/jira/browse/XWIKI-70
and
http://jira.xwiki.org/jira/browse/XWIKI-582

WDYT?

Caleb
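
The storage scheme proposed in the message above, sketched as an added example that is not XWiki code or part of the original post. It assumes legacy values are bare unsalted SHA-512 hex digests, that the migration is told which rows are hashes (`is_hash`), and that a base64 JSON record can stand in for the base64 Java-serialized verification object; all function names and scrypt parameters are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import os

LEGACY_MARK = "!"  # not in the base64 alphabet, so no new-format value can start with it
N, R, P = 2**14, 8, 1  # scrypt cost parameters (assumed values)


def _scrypt(password: str, salt: bytes, n: int, r: int, p: int) -> str:
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=32).hex()


def new_record(password: str) -> str:
    """New format: base64 of a self-describing record (JSON stands in for the
    serialized verification-function object)."""
    salt = os.urandom(16)
    rec = {"fn": "scrypt", "n": N, "r": R, "p": P, "salt": salt.hex(),
           "hash": _scrypt(password, salt, N, R, P)}
    return base64.b64encode(json.dumps(rec).encode()).decode()


def migrate(stored: str, is_hash: bool) -> str:
    """One-off migration: tag legacy hashes unchanged, port plaintext to scrypt."""
    return LEGACY_MARK + stored if is_hash else new_record(stored)


def verify(stored: str, password: str) -> tuple[bool, str]:
    """Return (password_ok, value_to_store); a legacy hash is upgraded on success."""
    if stored.startswith(LEGACY_MARK):
        # Legacy path: compare against the old SHA-512 digest in constant time.
        legacy = hashlib.sha512(password.encode()).hexdigest()
        ok = hmac.compare_digest(legacy, stored[1:])
        return ok, (new_record(password) if ok else stored)
    # New path: strict base64 decoding rejects anything carrying the "!" tag.
    rec = json.loads(base64.b64decode(stored, validate=True))
    digest = _scrypt(password, bytes.fromhex(rec["salt"]), rec["n"], rec["r"], rec["p"])
    return hmac.compare_digest(digest, rec["hash"]), stored
```

The caller writes the second element of `verify`'s result back to storage, which is how legacy rows leave the SHA-512 format as users log in.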