Re: svn commit: r1772589 - in /ofbiz/trunk/framework: base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java security/config/security.properties security/data/PasswordSecurityDemoData.xml security/entitydef/entitymodel.xml

[Nicolas Malin <ni...@nereide.fr>]

hello Shi

I think it's better to use a StringBuilder to build this.

Cheers,
Nicolas
Le 05/12/2016 � 02:32, shijh@apache.org a �crit :
> +            return pbkdf2Type + "$" + PBKDF2_ITERATIONS + "$" + salt + "$" + new String(hash);

Re: svn commit: r1772589 - in /ofbiz/trunk/framework: base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java security/config/security.properties security/data/PasswordSecurityDemoData.xml security/entitydef/entitymodel.xml

[Jacques Le Roux <ja...@les7arts.com>]

Why not changing other admin logins pwd encryption? Production sites should not use this pwd anyway (even if they are based on trunk).

We need to provide a simple mean to increase the currentPassword field size.

Could be as simple as an entry in https://cwiki.apache.org/confluence/display/OFBIZ/Revisions+Requiring+Data+Migration+-+upgrade+ofbiz

with ALTER TABLE UserLogin ALTER COLUMN currentPassword varchar(255)

Also nitpicking but I see no reasons to have blank lines between privates in HashCrypt ;)

Jacques


Le 05/12/2016 � 09:44, Nicolas Malin a �crit :
> hello Shi
>
> I think it's better to use a StringBuilder to build this.
>
> Cheers,
> Nicolas
> Le 05/12/2016 � 02:32, shijh@apache.org a �crit :
>> +            return pbkdf2Type + "$" + PBKDF2_ITERATIONS + "$" + salt + "$" + new String(hash);
>
>