I should also make it clear that if code changes are needed, then someone will need to do the code changes, and hopefully ASAP :-)
Richard. On Thu, 25 Jun 2015 at 15:41 Martin Harris <[email protected]> wrote: > I'd say '2' for now, then '1' in the next release > > Cheers > > M > > On 25 June 2015 at 15:39, Richard Downer <[email protected]> wrote: > > > All, but in particular @alasdairhodge, @grkvlt and @ahgittin: > > > > PR #687 "Tweak PasswordHasher to avoid potentially misleading use of > > ByteBuffer.array()" has an unresolved discussion around this potential > > break in backwards compatibility. > > > > This question is blocking the release, so we should come up with an > answer. > > > > The issue is a recent change in the password hashing algorithm. Password > > hashes from before and after the change are not compatible, so users with > > hashed passwords in their brooklyn.properties must regenerate them. > > > > The options are: > > > > 1 - document in the release notes that users must regenerate their > password > > hashes. > > 2 - change the code to try both old and new variants of the algorithm. > Warn > > the user they need to update. > > 3 - supply an upgrade tool (haven't checked if this is feasible) > > > > What are people's opinions? > > > > Richard. > > > > > > -- > Martin Harris > Lead Software Engineer > Cloudsoft Corporation Ltd > www.cloudsoftcorp.com > Mobile: +44 (0)7989 047-855 > > -- > Cloudsoft Corporation Limited, Registered in Scotland No: SC349230. > Registered Office: 13 Dryden Place, Edinburgh, EH9 1RP > > This e-mail message is confidential and for use by the addressee only. If > the message is received by anyone other than the addressee, please return > the message to the sender by replying to it and then delete the message > from your computer. Internet e-mails are not necessarily secure. Cloudsoft > Corporation Limited does not accept responsibility for changes made to this > message after it was sent. > > Whilst all reasonable care has been taken to avoid the transmission of > viruses, it is the responsibility of the recipient to ensure that the > onward transmission, opening or use of this message and any attachments > will not adversely affect its systems or data. No responsibility is > accepted by Cloudsoft Corporation Limited in this regard and the recipient > should carry out such virus and other checks as it considers appropriate. >
