jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "angela (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCR-3405) Improvements to user management implementation
Date Tue, 07 Aug 2012 18:36:09 GMT

    [ https://issues.apache.org/jira/browse/JCR-3405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13430511#comment-13430511
] 

angela commented on JCR-3405:
-----------------------------

Revision: 1370420

- add PasswordUtility for creating + comparing passwords
- UserManagerImpl: some config options related to password hashing
  > PARAM_PASSWORD_HASH_ALGORITHM: the algorithm to use (default: SHA-256)
  > PARAM_PASSWORD_HASH_ITERATIONS: number of iterations (default: 1000)
  currently the salt size is not configurable. that could be added easily if required.
- some improvement to handling of plaintxt passwords starting with {algorithm}. as of rev.
1370420 all API
  methods taking a plaintxt password treat it as plaintxt pw and thus force hashing. this
contrasts to 
  UserImporter which is expected to deal with password strings extracted from the repo before
and thus
  doesn't enforce an extra hashing step.

so far no performance test were made if changing the default hashing has an impact on login.
i would
expect that with increasing number of iterations.
                
> Improvements to user management implementation
> ----------------------------------------------
>
>                 Key: JCR-3405
>                 URL: https://issues.apache.org/jira/browse/JCR-3405
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>          Components: jackrabbit-core, security
>            Reporter: angela
>            Assignee: angela
>             Fix For: 2.5.2
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message