Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2010/03/05 20:14:27 UTC

[jira] Commented: (DERBY-4483) Provide a way to change the hash algorithm used by BUILTIN authentication

    [ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12841979#action_12841979 ] 

Rick Hillegas commented on DERBY-4483:
--------------------------------------

Hi Knut,

Thanks for the experiment.patch increment. I had a couple polishing issues:

o Thanks for the extensive write-up explaining how the new code works. It would be helpful if that writeup were included in a header comment somewhere.

o I did not understand why the prefixes 3b60 and 3b61 were chosen to flag authentication schemes. Since you have been in there and probably understand why those strings are used rather than some other strings, it would be helpful if you could record that reasoning in a comment.

o The symbol name ID_PATTERN_NEW_SCHEME suggests that there is an even older scheme which might still be used in really old databases. Is that possible? If so, does BasicAuthenticationServiceImpl.encryptPasswordUsingStoredAlgorithm() need to handle another case? If not, it would be less confusing if this symbol were renamed so that it did not suggest an impossible situation to unwary readers like me.

o If AuthenticationServiceBase.encryptPassword() really is only used by the newly introduced configurable scheme, it would be helpful if the name of this method indicated that.

o I agree that it would be good to add a more specific error message in that method.

Thanks,
-Rick

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>         Attachments: experiment.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with the SHA-1 algorithm. It would be nice to have a way to specify a different algorithm so that users can take advantage of new, stronger algorithms provided by their JCE provider if so desired.
