You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Knut Anders Hatlen (Updated) (JIRA)" <ji...@apache.org> on 2012/04/18 13:09:44 UTC

[jira] [Updated] (DERBY-5693) BUILTIN should say passwords are hashed not encrypted

     [ https://issues.apache.org/jira/browse/DERBY-5693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen updated DERBY-5693:
--------------------------------------

    Attachment: d5693-1a.diff

Attaching a patch that changes "encrypt" to "hash" in the code comments in AuthenticationServiceBase and BasicAuthenticationServiceImpl. It also renames three methods in those classes to make it clearer that they don't encrypt the passwords, but rather hash them.
                
> BUILTIN should say passwords are hashed not encrypted
> -----------------------------------------------------
>
>                 Key: DERBY-5693
>                 URL: https://issues.apache.org/jira/browse/DERBY-5693
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.9.0.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Trivial
>         Attachments: d5693-1a.diff
>
>
> Many places in the BUILTIN authentication code it is said that passwords are encrypted before they are stored in the database. It would be more accurate to say that the passwords are hashed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira