db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication
Date Fri, 05 Mar 2010 19:14:27 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12841979#action_12841979
] 

Rick Hillegas commented on DERBY-4483:
--------------------------------------

Hi Knut,

Thanks for the experiment.patch increment. I had a couple polishing issues:

o Thanks for the extensive write-up explaining how the new code works. It would be helpful
if that writeup were included in a header comment somewhere.

o I did not understand why the prefixes 3b60 and 3b61 were chosen to flag authentication schemes.
Since you have been in there and probably understand why those strings are used rather than
some other strings, it would be helpful if you could record that reasoning in a comment.

o The symbol name ID_PATTERN_NEW_SCHEME suggests that there is an even older scheme which
might still be used in really old databases. Is that possible? If so, does BasicAuthenticationServiceImpl.encryptPasswordUsingStoredAlgorithm()
need to handle another case? If not, it would be less confusing if this symbol were renamed
so that it did not suggest an impossibile situation to unwary readers like me.

o If AuthenticationServiceBase.encryptPassword() really is only used by the newly introduced
configurable scheme, it would be helpful if the name of this method indicated that.

o I agree that it would be good to add a more specific error message in that method.

Thanks,
-Rick

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>         Attachments: experiment.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1
algorithm. It would be nice to have way to specify a different algorithm so that users can
take advantage of new, stronger algorithms provided by their JCE provider if so desired.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message