On 08/10/2010 08:45 PM, Caleb James DeLisle wrote:
> Because protectPassword generates a base-64 encoded java serialized form, the
> size is quite a bit larger than the 255 character limit of StringProperty and
> thus PasswordProperty.

What is the real reason for using base-64 encoding? Why not use a larger base? You convert the serialized bytes anyway.

> The use of java serialization is central to the upgradability of the password
> verification function because any new class which implements
> PasswordVerificationFunction automatically works.

This doesn't explain why you need to store the serialized instance of a PasswordVerificationFunction implementation as a base-64 string.

Thanks,
Marius

> Given this, I want to migrate the database to move password hashes into the
> xwikilargestrings table and change PasswordProperty to extend
> LargeStringProperty. During this migration, any passwords still stored in
> plaintext will be ported to the scrypt function, passwords stored as a hash
> will have an exclamation mark prepended to the text (this is invalid base64)
> and be inserted into the table as is.
>
> PasswordClass will keep the sha-512 hash function for legacy passwords but
> will port passwords to the new format as users log in.
>
> These changes will allow us to close
> http://jira.xwiki.org/jira/browse/XWIKI-70
> and
> http://jira.xwiki.org/jira/browse/XWIKI-582
>
> WDYT?
>
> Caleb

_______________________________________________
devs mailing list
http://lists.xwiki.org/mailman/listinfo/devs
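The migration scheme described in the quoted proposal (a "!" prefix tagging legacy hashes, which are re-hashed with scrypt when the user next logs in), as an added example that is not part of the thread or XWiki's code. It assumes JSON in place of Java serialization and an unsalted hex SHA-512 digest as the legacy value; all function names and cost parameters are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import os

LEGACY_MARK = "!"  # outside the base64 alphabet, so no new-format value can start with it
SCRYPT = {"n": 2**14, "r": 8, "p": 1}  # assumed demo cost parameters


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def protect(password: str) -> str:
    """New format: base64 of a self-describing record (JSON stands in for Java serialization)."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT)
    record = {"alg": "scrypt", **SCRYPT, "salt": _b64(salt), "key": _b64(key)}
    return _b64(json.dumps(record).encode())


def legacy_sha512(password: str) -> str:
    """Assumed legacy format: unsalted hex SHA-512 digest."""
    return hashlib.sha512(password.encode()).hexdigest()


def migrate(value: str, is_hash: bool) -> str:
    """One-off migration: hash plaintext now, tag existing hashes for upgrade at login."""
    return LEGACY_MARK + value if is_hash else protect(value)


def verify_and_upgrade(stored: str, password: str):
    """Return (ok, value_to_store); a legacy hash is replaced after a successful login."""
    if stored.startswith(LEGACY_MARK):
        ok = hmac.compare_digest(stored[1:].encode(), legacy_sha512(password).encode())
        return ok, (protect(password) if ok else stored)
    # validate=True rejects any character outside the base64 alphabet, including "!"
    rec = json.loads(base64.b64decode(stored, validate=True))
    if rec.get("alg") != "scrypt":
        return False, stored
    key = hashlib.scrypt(password.encode(), salt=base64.b64decode(rec["salt"]),
                         dklen=32, n=rec["n"], r=rec["r"], p=rec["p"])
    return hmac.compare_digest(key, base64.b64decode(rec["key"])), stored
```
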

