I think #1 is the better option. I am personally reluctant to even
consider #2.
$0.02,
Hadrian
On 06/25/2015 10:43 AM, Andrea Turli wrote:
I'm in favor of 1. Of course 2 will be ok as well.
Best,
Andrea
On Thu, 25 Jun 2015 at 16:41 Martin Harris <[email protected]>
wrote:
I'd say '2' for now, then '1' in the next release
Cheers
M
On 25 June 2015 at 15:39, Richard Downer <[email protected]> wrote:
All, but in particular @alasdairhodge, @grkvlt and @ahgittin:
PR #687 "Tweak PasswordHasher to avoid potentially misleading use of
ByteBuffer.array()" has an unresolved discussion around this potential
break in backwards compatibility.
This question is blocking the release, so we should come up with an
answer.
The issue is a recent change in the password hashing algorithm. Password
hashes from before and after the change are not compatible, so users with
hashed passwords in their brooklyn.properties must regenerate them.
The options are:
1 - document in the release notes that users must regenerate their
password
hashes.
2 - change the code to try both old and new variants of the algorithm.
Warn
the user they need to update.
3 - supply an upgrade tool (haven't checked if this is feasible)
What are people's opinions?
Richard.
--
Martin Harris
Lead Software Engineer
Cloudsoft Corporation Ltd
www.cloudsoftcorp.com
Mobile: +44 (0)7989 047-855
--
Cloudsoft Corporation Limited, Registered in Scotland No: SC349230.
Registered Office: 13 Dryden Place, Edinburgh, EH9 1RP
This e-mail message is confidential and for use by the addressee only. If
the message is received by anyone other than the addressee, please return
the message to the sender by replying to it and then delete the message
from your computer. Internet e-mails are not necessarily secure. Cloudsoft
Corporation Limited does not accept responsibility for changes made to this
message after it was sent.
Whilst all reasonable care has been taken to avoid the transmission of
viruses, it is the responsibility of the recipient to ensure that the
onward transmission, opening or use of this message and any attachments
will not adversely affect its systems or data. No responsibility is
accepted by Cloudsoft Corporation Limited in this regard and the recipient
should carry out such virus and other checks as it considers appropriate.
