Quoting Justin Deoliveira <jdeol...@opengeo.org>:

> How close is your work to being commit ready, Christian? Is there any sort of
> timeline? If you plan to be in a position to commit work soon then I would
> say it would make sense for Ian to hold back part of the patch, but if it is
> still a while yet then imo it is not really fair to make him wait. Others
> may disagree but generally from my experience it is the developer on the
> longer term branch that has to carry the burden of merging after the fact,
> and simply has to deal with changes that have happened in the interim.

The patch is the result of GSoC 2011 and has been ready for about a week. I am waiting for Andrea, my mentor, to review it. My primary concern is that Ian's patch introduces password digesting to GeoserverUserDao/users.properties and, after my patch is applied, an automatic migration from users properties takes place. For the new authentication concept (CAS, proxy authentication, ...) I will have to roll back most of Ian's changes concerning user passwords; the job will not become easier.

Let's wait for Andrea's review?

>
> $0.02
>
> -Justin
>
> On Tue, Aug 30, 2011 at 10:04 PM, <christian.muel...@nvoe.at> wrote:
>
>> Ian and I decided to open a thread on the developers list concerning
>>
>> https://jira.codehaus.org/browse/GEOS-4702
>> https://jira.codehaus.org/browse/GEOS-4554
>>
>> Each issue has a patch; unfortunately they are overlapping.
>>
>> Ian's patch has two major topics
>>
>> a) Digesting passwords in the user.properties file
>> b) Encrypting passwords for geoserver stores
>>
>> ad a)
>> The user.properties file and the GeoserverUserDao are replaced by
>> UserGroupServices and GrantedAuthorityServices by my patch. It will be
>> possible to have more than one backend for users/groups. At the moment
>> I deferred password digesting since I am investigating
>> authentication manager / authentication providers supporting CAS, proxy
>> authentication, password authentication and so on. Not every user has
>> to be authenticated by userid/password, nor does the user information
>> have to be stored within a geoserver backend implementation.
>>
>> ad b)
>> This topic is unique to Ian's patch. Some comments
>>
>> 1)
>> I would use this concept for the master key
>> http://www.jasypt.org/webconfiguration.html
>> The default should be the GeoserverExtensions.getProperty mechanism,
>> but it would be nice to have the possibility to inject the master key
>> using Spring.
>>
>> 2)
>> I would prefer a md5/aes 128 encryption as default and would avoid DES
>> which is not state of the art and could be broken by brute force today
>> (only 56 Bit key length).
>>
>> 3) Perhaps there should be a possibility to turn this feature off
>> after turning it on, not sure here.
>>
>> Proposal:
>> Ian, do you see a possibility to reduce your patch to the encryption
>> (PBE) feature? At the moment we cannot apply both patches
>> simultaneously and I want a situation where we can continue work
>> independently.
>>
>> Opinions?
>>
>> Cheers
>> Christian
>>
>> _______________________________________________
>> Geoserver-devel mailing list
>> Geoserver-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
> --
> Justin Deoliveira
> OpenGeo - http://opengeo.org
> Enterprise support for open source geospatial.