#1 This is already in the release notes btw thx to Sam.
Best Alex On 28 Jun 2015 02:00, "Hadrian Zbarcea" <[email protected]> wrote: > I think #1 is the better option. I am personally reluctant to even > consider #2. > > $0.02, > Hadrian > > > On 06/25/2015 10:43 AM, Andrea Turli wrote: > >> I'm in favor of 1. Of course 2 will be ok as well. >> >> Best, >> Andrea >> >> On Thu, 25 Jun 2015 at 16:41 Martin Harris < >> [email protected]> >> wrote: >> >> I'd say '2' for now, then '1' in the next release >>> >>> Cheers >>> >>> M >>> >>> On 25 June 2015 at 15:39, Richard Downer <[email protected]> wrote: >>> >>> All, but in particular @alasdairhodge, @grkvlt and @ahgittin: >>>> >>>> PR #687 "Tweak PasswordHasher to avoid potentially misleading use of >>>> ByteBuffer.array()" has an unresolved discussion around this potential >>>> break in backwards compatibility. >>>> >>>> This question is blocking the release, so we should come up with an >>>> >>> answer. >>> >>>> >>>> The issue is a recent change in the password hashing algorithm. Password >>>> hashes from before and after the change are not compatible, so users >>>> with >>>> hashed passwords in their brooklyn.properties must regenerate them. >>>> >>>> The options are: >>>> >>>> 1 - document in the release notes that users must regenerate their >>>> >>> password >>> >>>> hashes. >>>> 2 - change the code to try both old and new variants of the algorithm. >>>> >>> Warn >>> >>>> the user they need to update. >>>> 3 - supply an upgrade tool (haven't checked if this is feasible) >>>> >>>> What are people's opinions? >>>> >>>> Richard. >>>> >>>> >>> >>> >>> -- >>> Martin Harris >>> Lead Software Engineer >>> Cloudsoft Corporation Ltd >>> www.cloudsoftcorp.com >>> Mobile: +44 (0)7989 047-855 >>> >>> -- >>> Cloudsoft Corporation Limited, Registered in Scotland No: SC349230. >>> Registered Office: 13 Dryden Place, Edinburgh, EH9 1RP >>> >>> This e-mail message is confidential and for use by the addressee only. If >>> the message is received by anyone other than the addressee, please return >>> the message to the sender by replying to it and then delete the message >>> from your computer. Internet e-mails are not necessarily secure. >>> Cloudsoft >>> Corporation Limited does not accept responsibility for changes made to >>> this >>> message after it was sent. >>> >>> Whilst all reasonable care has been taken to avoid the transmission of >>> viruses, it is the responsibility of the recipient to ensure that the >>> onward transmission, opening or use of this message and any attachments >>> will not adversely affect its systems or data. No responsibility is >>> accepted by Cloudsoft Corporation Limited in this regard and the >>> recipient >>> should carry out such virus and other checks as it considers appropriate. >>> >>> >> -- Cloudsoft Corporation Limited, Registered in Scotland No: SC349230. Registered Office: 13 Dryden Place, Edinburgh, EH9 1RP This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. Cloudsoft Corporation Limited does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by Cloudsoft Corporation Limited in this regard and the recipient should carry out such virus and other checks as it considers appropriate.
