You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Adam Heath (Commented) (JIRA)" <ji...@apache.org> on 2012/04/19 19:08:40 UTC

[jira] [Commented] (OFBIZ-4824) Deprecated use of org.ofbiz.base.crypto.HashCrypt

    [ https://issues.apache.org/jira/browse/OFBIZ-4824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13257602#comment-13257602 ] 

Adam Heath commented on OFBIZ-4824:
-----------------------------------

I have fixed GenericEntity locally.  However, it means that every time GenericEntity.toString() is called, you will get a *different* string, as a random salt is prepended to encrypted fields.  But really, no one should be comparing the exact string output anyways.

And, actually, that call in toString is really truly broken.  It should do the same thing as EntityCrypto; to do anything less, would mean that PCI compliance is not being met.

Fixing EntityCrypto is a bit more difficult.  I don't want to just @SuppressWarnings("deprecation") on these methods; they really need to use the new and improved methods.  However, I can't just switch completely, 'cuz then all existing crypted fields will no longer load.

Stay tuned.
                
> Deprecated use of org.ofbiz.base.crypto.HashCrypt
> -------------------------------------------------
>
>                 Key: OFBIZ-4824
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-4824
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: SVN trunk
>            Reporter: Pierre Smits
>            Assignee: Adam Heath
>             Fix For: SVN trunk
>
>
> Hash 
> classes:
>   [javac16] Compiling 140 source files to /ci/ofbiz/framework/entity/build/classes
>   [javac16] /ci/ofbiz/framework/entity/src/org/ofbiz/entity/GenericEntity.java:1299: warning: [deprecation] getDigestHash(java.lang.String) in org.ofbiz.base.crypto.HashCrypt has been deprecated
>   [javac16]                 curValue = HashCrypt.getDigestHash(encryptField);
>   [javac16]                                     ^
>   [javac16] /ci/ofbiz/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java:122: warning: [deprecation] getDigestHashOldFunnyHexEncode(java.lang.String,java.lang.String) in org.ofbiz.base.crypto.HashCrypt has been deprecated
>   [javac16]         String hashedKeyName = useOldFunnyKeyHash? HashCrypt.getDigestHashOldFunnyHexEncode(originalKeyName, null) : HashCrypt.getDigestHash(originalKeyName);
>   [javac16]                                                             ^
>   [javac16] /ci/ofbiz/framework/entity/src/org/ofbiz/entity/util/EntityCrypto.java:122: warning: [deprecation] getDigestHash(java.lang.String) in org.ofbiz.base.crypto.HashCrypt has been deprecated
>   [javac16]         String hashedKeyName = useOldFunnyKeyHash? HashCrypt.getDigestHashOldFunnyHexEncode(originalKeyName, null) : HashCrypt.getDigestHash(originalKeyName);
>   [javac16]                                                                                                                               ^
>   [javac16] 3 warnings

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira