You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2020/07/13 02:14:00 UTC

[GitHub] [servicecomb-service-center] tianxiaoliang opened a new pull request #662: remove grpc support

tianxiaoliang opened a new pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662


   Follow this checklist to help us incorporate your contribution quickly and easily:
   
    - [ ] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/SCB) filed for the change (usually before you start working on it).  Trivial changes like typos do not require a JIRA issue.  Your pull request should address just this issue, without pulling in other changes.
    - [ ] Each commit in the pull request should have a meaningful subject line and body.
    - [ ] Format the pull request title like `[SCB-XXX] Fixes bug in ApproximateQuantiles`, where you replace `SCB-XXX` with the appropriate JIRA issue.
    - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
    - [ ] Run `go build` `go test` `go fmt` `go vet` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
    - [ ] If this contribution is large, please file an Apache [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
   
   ---
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #662: remove grpc support

Posted by GitBox <gi...@apache.org>.

tianxiaoliang commented on a change in pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662#discussion_r453460481



##########
File path: server/service/rbac/dao/account_dao.go
##########
@@ -55,7 +56,11 @@ func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	if exist {
 		return ErrDuplicated
 	}
-
+	a.Password, err = cipher.Encrypt(a.Password)

Review comment:
       如果用hash还是可以很容易的破解，还是得加盐，比如秘钥， 搞对称加密的方案已经有了，复用成本低




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #662: remove grpc support

Posted by GitBox <gi...@apache.org>.

tianxiaoliang commented on a change in pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662#discussion_r453460481



##########
File path: server/service/rbac/dao/account_dao.go
##########
@@ -55,7 +56,11 @@ func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	if exist {
 		return ErrDuplicated
 	}
-
+	a.Password, err = cipher.Encrypt(a.Password)

Review comment:
       如果用hash还是可以很容易的破解，还是得加盐，比如秘钥，还是得搞对称加密




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] jeho0815 commented on a change in pull request #662: remove grpc support

Posted by GitBox <gi...@apache.org>.

jeho0815 commented on a change in pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662#discussion_r453455660



##########
File path: server/service/rbac/dao/account_dao.go
##########
@@ -55,7 +56,11 @@ func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	if exist {
 		return ErrDuplicated
 	}
-
+	a.Password, err = cipher.Encrypt(a.Password)

Review comment:
       密码直接hash保存？后面只需要比较是否一致，不需要知道明文信息吧




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #662: remove grpc support

Posted by GitBox <gi...@apache.org>.

tianxiaoliang commented on a change in pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662#discussion_r453462107



##########
File path: server/service/rbac/dao/account_dao.go
##########
@@ -55,7 +56,11 @@ func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	if exist {
 		return ErrDuplicated
 	}
-
+	a.Password, err = cipher.Encrypt(a.Password)

Review comment:
       可以 我考虑个安全的哈希方式吧




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #662: remove grpc support

Posted by GitBox <gi...@apache.org>.

tianxiaoliang commented on a change in pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662#discussion_r453460481



##########
File path: server/service/rbac/dao/account_dao.go
##########
@@ -55,7 +56,11 @@ func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	if exist {
 		return ErrDuplicated
 	}
-
+	a.Password, err = cipher.Encrypt(a.Password)

Review comment:
       如果用hash还是可以很容系的破解，还是得加盐，比如秘钥，说白了，还是得搞对称加密

##########
File path: server/service/rbac/dao/account_dao.go
##########
@@ -55,7 +56,11 @@ func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	if exist {
 		return ErrDuplicated
 	}
-
+	a.Password, err = cipher.Encrypt(a.Password)

Review comment:
       如果用hash还是可以很容易的破解，还是得加盐，比如秘钥，说白了，还是得搞对称加密




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] tianxiaoliang merged pull request #662: remove grpc support

Posted by GitBox <gi...@apache.org>.

tianxiaoliang merged pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #662: remove grpc support

Posted by GitBox <gi...@apache.org>.

tianxiaoliang commented on a change in pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662#discussion_r453459830



##########
File path: server/service/rbac/dao/account_dao.go
##########
@@ -55,7 +56,11 @@ func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	if exist {
 		return ErrDuplicated
 	}
-
+	a.Password, err = cipher.Encrypt(a.Password)

Review comment:
       更安全的方式还是要加密后保存




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #662: remove grpc support

Posted by GitBox <gi...@apache.org>.

tianxiaoliang commented on a change in pull request #662:
URL: https://github.com/apache/servicecomb-service-center/pull/662#discussion_r453459830



##########
File path: server/service/rbac/dao/account_dao.go
##########
@@ -55,7 +56,11 @@ func CreateAccount(ctx context.Context, a *rbacframe.Account) error {
 	if exist {
 		return ErrDuplicated
 	}
-
+	a.Password, err = cipher.Encrypt(a.Password)

Review comment:
       更安全的方式还是要加密后保存




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org