+0, JV.
On Tue, Aug 10, 2010 at 7:45 PM, Caleb James DeLisle <[email protected]> wrote: > Because protectPassword generates a base-64 encoded java serialized form, the > size is quite a bit larger than > the 255 character limit of StringProperty and thus PasswordProperty. > > The use of java serialization is central to the upgradability of the password > verification function because > any new class which implements PasswordVerificationFunction automatically > works. > > Given this, I want to migrate the database to move password hashes into the > xwikilargestrings table and change > PasswordProperty to extend LargeStringProperty. During this migration, any > passwords still stored in plaintext > will be ported to the scrypt function, passwords stored as a hash will have > an exclamation mark pretended to the > text (this is invalid base64) and be inserted into the table as is. > > PasswordClass will keep the sha-512 hash function for legacy passwords but > will port passwords to the new format > as users log in. > > These changes will allow us to close > http://jira.xwiki.org/jira/browse/XWIKI-70 > and > http://jira.xwiki.org/jira/browse/XWIKI-582 > > > WDYT? > > > Caleb > > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
