I tired implementing the paswordhash.java file but it threw me with any error
that is invalid column salt. Can you tell me where I am mistaken and secondly
since I am new to use eclipse so can you help me as how can I debug the dspace
jspui webapp. I am using Eclipse juno with jre 1.6 and tomcat 7, DB is postgre.
Also share how can I do remote application debugging as I tried but with no
success. My running instance is in a windows based vm.
Thanks & Regards
From: [email protected] [mailto:[email protected]] On Behalf Of helix84
Sent: Thursday, November 01, 2012 4:37 PM
To: Umair Kayani
Cc: João Melo; [email protected]
Subject: Re: [Dspace-tech] Application Security details of dspace 1.8.2
On Thu, Nov 1, 2012 at 12:15 PM, Umair Kayani <[email protected]> wrote:
> Actually we surely implement SSL but we also want our password be saved in
> hashed form using SHA variants or some other algorithm whatever we like to
> use rather than using dspace default hashing algorithm.
Why didn't you just say so? :) As you can see, thanks to this patch it's much
easier to use "upgrade" the hashing method if you want.
On Thu, Nov 1, 2012 at 12:28 PM, Umair Kayani <[email protected]> wrote:
Well thanks let me try this one also but the source that I got doesn’t have
this passwordhash.java code file. Is this hash code file from DSpace 3 sources
or from same 1.8.2. I think I downloaded 1.8.2 version of dspace 1 week back
but I can’t find this file there. What does this website do is this for those
people who fixes the bugs or mods, secondly is it safe enough to use code files
uploaded here.
The DSpace/DSpace repository on GitHub is now the official place where we keep
the source code, so yes, it is safe.
You're right, João pointed you to the master branch, which will become DSpace
3.0 soon (this month). I recommend you to work with this branch because of that
hashing+salting patch which was not available in 1.8. I'm sure that before you
have your changes ready, there will be a release, so you could start with 3.0.
If you still prefer to work with 1.8.2, I strongly recommend you to apply the
patch (the link I sent you).
Regards,
~~helix84
------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
