+0
Le 2010 8 10 19:34, "Caleb James DeLisle" <[email protected]> a écrit : > Because protectPassword generates a base-64 encoded java serialized form, the size is quite a bit larger than > the 255 character limit of StringProperty and thus PasswordProperty. > > The use of java serialization is central to the upgradability of the password verification function because > any new class which implements PasswordVerificationFunction automatically works. > > Given this, I want to migrate the database to move password hashes into the xwikilargestrings table and change > PasswordProperty to extend LargeStringProperty. During this migration, any passwords still stored in plaintext > will be ported to the scrypt function, passwords stored as a hash will have an exclamation mark pretended to the > text (this is invalid base64) and be inserted into the table as is. > > PasswordClass will keep the sha-512 hash function for legacy passwords but will port passwords to the new format > as users log in. > > These changes will allow us to close > http://jira.xwiki.org/jira/browse/XWIKI-70 > and > http://jira.xwiki.org/jira/browse/XWIKI-582 > > > WDYT? > > > Caleb > > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
