On 08/18/2010 04:43 PM, Anca Luca wrote: > Hi Caleb, > > On 08/17/2010 09:15 PM, Caleb James DeLisle wrote: >> I am going to commit this change and want to continue to discuss possible >> side effects. >> >> I think this change will solve the bug causing database corruption when list >> property is switched to relational storage >> (I can't find this in jira anyone know the number? Sergiu?) >> >> I will be adding more tests and am ready to revert it at the first sign of >> trouble. > > I haven't had time to look at the issue to be able to cast a vote > knowing what I am saying but > > i don't agree with this approach. please don't.
One thing that will break is HQL queries hardcoded on StringProperty. > Thanks, > Anca > >> >> >> Caleb >> >> >> Caleb James DeLisle wrote: >>> I have what I think is a better solution. >>> I have found that I can replace the StringProperty objects with >>> LargeStringProperty in >>> XWikiHibernateStore and they will save and load ok. >>> I have a patch http://jira.xwiki.org/jira/browse/XWIKI-5415 and would be >>> interested to >>> hear what others have to say. In the mean time I will work on adding >>> automated tests >>> to prove that load save and search continue to work. >>> >>> Caleb >>> >>> Thomas Mortagne wrote: >>>> +0 >>>> >>>> Le 2010 8 10 19:34, "Caleb James DeLisle"<[email protected]> a >>>> écrit : >>>>> Because protectPassword generates a base-64 encoded java serialized form, >>>> the size is quite a bit larger than >>>>> the 255 character limit of StringProperty and thus PasswordProperty. >>>>> >>>>> The use of java serialization is central to the upgradability of the >>>> password verification function because >>>>> any new class which implements PasswordVerificationFunction automatically >>>> works. >>>>> Given this, I want to migrate the database to move password hashes into >>>> the xwikilargestrings table and change >>>>> PasswordProperty to extend LargeStringProperty. During this migration, any >>>> passwords still stored in plaintext >>>>> will be ported to the scrypt function, passwords stored as a hash will >>>> have an exclamation mark pretended to the >>>>> text (this is invalid base64) and be inserted into the table as is. >>>>> >>>>> PasswordClass will keep the sha-512 hash function for legacy passwords but >>>> will port passwords to the new format >>>>> as users log in. >>>>> >>>>> These changes will allow us to close >>>>> http://jira.xwiki.org/jira/browse/XWIKI-70 >>>>> and >>>>> http://jira.xwiki.org/jira/browse/XWIKI-582 >>>>> >>>>> >>>>> WDYT? >>>>> >>>>> >>>>> Caleb -- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
