[ https://issues.apache.org/jira/browse/JCR-3405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13430511#comment-13430511 ]
angela commented on JCR-3405:
-----------------------------
Revision: 1370420
- add PasswordUtility for creating + comparing passwords
- UserManagerImpl: some config options related to password hashing
> PARAM_PASSWORD_HASH_ALGORITHM: the algorithm to use (default: SHA-256)
> PARAM_PASSWORD_HASH_ITERATIONS: number of iterations (default: 1000)
currently the salt size is not configurable. that could be added easily if required.
- some improvement to handling of plaintext passwords starting with {algorithm}. as of rev. 1370420 all API methods taking a plaintext password treat it as a plaintext pw and thus force hashing. this contrasts with UserImporter, which is expected to deal with password strings extracted from the repo before and thus doesn't enforce an extra hashing step.
so far no performance tests were made to see if changing the default hashing has an impact on login. I would expect that with an increasing number of iterations.
> Improvements to user management implementation
> ----------------------------------------------
>
> Key: JCR-3405
> URL: https://issues.apache.org/jira/browse/JCR-3405
> Project: Jackrabbit Content Repository
> Issue Type: Improvement
> Components: jackrabbit-core, security
> Reporter: angela
> Assignee: angela
> Fix For: 2.5.2
>
>
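
The two code paths described in the comment above (API methods that always hash, an importer that keeps an already hashed value), as an added example that is not Jackrabbit's PasswordUtility code. The class, method names, 8-byte salt and `{algorithm}salt-iterations-digest` stored form are assumptions; only the SHA-256 and 1000-iteration defaults come from the comment.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat; // Java 17+

// Hypothetical sketch: class, methods, salt size and stored format are assumptions.
public class PasswordHashSketch {
    static final String ALGORITHM = "SHA-256"; // default stated in the comment
    static final int ITERATIONS = 1000;        // default stated in the comment
    static final int SALT_BYTES = 8;           // assumed; the comment gives no size
    static final HexFormat HEX = HexFormat.of();

    // Assumed stored form: {algorithm}saltHex-iterations-digestHex
    static String build(String alg, String saltHex, int iter, String plain) throws Exception {
        MessageDigest md = MessageDigest.getInstance(alg);
        byte[] d = md.digest((saltHex + plain).getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iter; i++) d = md.digest(d); // digest() resets md each round
        return "{" + alg + "}" + saltHex + "-" + iter + "-" + HEX.formatHex(d);
    }

    // API path: input is always plaintext and always hashed, even if it starts with "{SHA-256}".
    static String hashPlaintext(String plain) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh random salt per password
        return build(ALGORITHM, HEX.formatHex(salt), ITERATIONS, plain);
    }

    // Import path: a value already in stored form is kept as is (no second hashing).
    static String importPassword(String value) throws Exception {
        boolean hashed = value.matches("\\{[^}]+\\}[0-9a-f]+-\\d+-[0-9a-f]+");
        return hashed ? value : hashPlaintext(value);
    }

    // Recompute with the stored algorithm, salt and iterations; constant-time compare.
    static boolean isSame(String stored, String plain) throws Exception {
        int end = stored.indexOf('}');
        String[] p = stored.substring(end + 1).split("-");
        String candidate = build(stored.substring(1, end), p[0], Integer.parseInt(p[1]), plain);
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     candidate.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String tricky = "{SHA-256}00-1-00"; // constructed plaintext that looks like a stored hash
        String stored = hashPlaintext(tricky);
        if (stored.equals(tricky)) throw new AssertionError("API path must hash");
        if (!isSame(stored, tricky)) throw new AssertionError("password must verify");
        if (!importPassword(stored).equals(stored)) throw new AssertionError("import must not re-hash");
        System.out.println("stored form: " + stored);
    }
}
```

Because the import path trusts anything shaped like a stored hash, it should only be fed values that were exported from a repository, never user-supplied passwords.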