You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by bt...@apache.org on 2020/10/09 10:42:22 UTC
[james-project] 04/05: JAMES-1677 Upgrade default user password
hashing algorithms
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 5e56c751d8dba80af43a3c0f3fd4ee1439563f50
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Thu Oct 8 12:48:29 2020 +0700
JAMES-1677 Upgrade default user password hashing algorithms
The change is only applied to newly created users, no impact on existing users
---
CHANGELOG.md | 1 +
.../run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml | 2 +-
dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml | 2 +-
dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml | 2 +-
dockerfiles/run/guice/memory/destination/conf/usersrepository.xml | 2 +-
dockerfiles/run/spring/destination/conf/usersrepository.xml | 2 +-
server/app/src/main/resources/usersrepository.xml | 2 +-
.../main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java | 2 +-
.../data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java | 2 +-
.../src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java | 4 ++--
10 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f87ace..51f48e3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@ Use BlobStore cache instead.
- JAMES-3305 Avoid crashes upon deserialization issues when consuming RabbitMQ messages, leverage dead-letter feature
- JAMES-3212 JMAP Handle subcrible/unsubcrible child's folder when update mailbox
- JAMES-3416 Fix ElasticSearch email address search
+- JAMES-1677 Upgrade default hasing algorithm to SHA-512
### Removed
- HybridBlobStore. This will be removed after 3.6.0 release. Introduced to fasten small blob access, its usage could be
diff --git a/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml b/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml
index 8b3e8e1..3a540c4 100644
--- a/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml
@@ -21,7 +21,7 @@
<!-- Read https://james.apache.org/server/config-users.html for further details -->
<usersrepository name="LocalUsers">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
<enableVirtualHosting>true</enableVirtualHosting>
<enableForwarding>true</enableForwarding>
</usersrepository>
diff --git a/dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml b/dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml
index 8b3e8e1..3a540c4 100644
--- a/dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml
@@ -21,7 +21,7 @@
<!-- Read https://james.apache.org/server/config-users.html for further details -->
<usersrepository name="LocalUsers">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
<enableVirtualHosting>true</enableVirtualHosting>
<enableForwarding>true</enableForwarding>
</usersrepository>
diff --git a/dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml b/dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml
index 8b3e8e1..3a540c4 100644
--- a/dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml
@@ -21,7 +21,7 @@
<!-- Read https://james.apache.org/server/config-users.html for further details -->
<usersrepository name="LocalUsers">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
<enableVirtualHosting>true</enableVirtualHosting>
<enableForwarding>true</enableForwarding>
</usersrepository>
diff --git a/dockerfiles/run/guice/memory/destination/conf/usersrepository.xml b/dockerfiles/run/guice/memory/destination/conf/usersrepository.xml
index 8b3e8e1..3a540c4 100644
--- a/dockerfiles/run/guice/memory/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/guice/memory/destination/conf/usersrepository.xml
@@ -21,7 +21,7 @@
<!-- Read https://james.apache.org/server/config-users.html for further details -->
<usersrepository name="LocalUsers">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
<enableVirtualHosting>true</enableVirtualHosting>
<enableForwarding>true</enableForwarding>
</usersrepository>
diff --git a/dockerfiles/run/spring/destination/conf/usersrepository.xml b/dockerfiles/run/spring/destination/conf/usersrepository.xml
index 55f617c..a32265b 100644
--- a/dockerfiles/run/spring/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/spring/destination/conf/usersrepository.xml
@@ -19,7 +19,7 @@
-->
<usersrepository name="LocalUsers" class="org.apache.james.user.jpa.JPAUsersRepository">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
<enableVirtualHosting>true</enableVirtualHosting>
</usersrepository>
diff --git a/server/app/src/main/resources/usersrepository.xml b/server/app/src/main/resources/usersrepository.xml
index ff34382..9552bc7 100644
--- a/server/app/src/main/resources/usersrepository.xml
+++ b/server/app/src/main/resources/usersrepository.xml
@@ -36,7 +36,7 @@
MD5, SHA-256, SHA-512, NONE
-->
<usersrepository name="LocalUsers" class="org.apache.james.user.jpa.JPAUsersRepository">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
<enableVirtualHosting>true</enableVirtualHosting>
<!-- User's name. Allow an user to access to the <a href="https://tools.ietf.org/html/rfc4616#section-2">impersonation command</a>, acting on the behalf of any user. -->
diff --git a/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java b/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
index a5dddb8..25689c2 100644
--- a/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
+++ b/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
@@ -51,7 +51,7 @@ import com.google.common.base.Preconditions;
import com.google.common.primitives.Ints;
public class CassandraUsersDAO implements UsersDAO {
- private static final String DEFAULT_ALGO_VALUE = "SHA1";
+ private static final String DEFAULT_ALGO_VALUE = "SHA-512";
private final CassandraAsyncExecutor executor;
private final PreparedStatement getUserStatement;
diff --git a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java
index b8ba183..46e0b57 100644
--- a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java
+++ b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java
@@ -56,7 +56,7 @@ public class JPAUsersDAO implements UsersDAO, Configurable {
@Override
public void configure(HierarchicalConfiguration<ImmutableNode> config) {
- algo = config.getString("algorithm", "MD5");
+ algo = config.getString("algorithm", "SHA-512");
}
/**
diff --git a/server/data/data-memory/src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java b/server/data/data-memory/src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java
index 7f175f4..33e07d2 100644
--- a/server/data/data-memory/src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java
+++ b/server/data/data-memory/src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java
@@ -39,12 +39,12 @@ public class MemoryUsersDAO implements UsersDAO, Configurable {
MemoryUsersDAO() {
this.userByName = new HashMap<>();
- this.algo = "MD5";
+ this.algo = "SHA-512";
}
@Override
public void configure(HierarchicalConfiguration<ImmutableNode> config) {
- algo = config.getString("algorithm", "MD5");
+ algo = config.getString("algorithm", "SHA-512");
}
public void clear() {
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org