This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 5e56c751d8dba80af43a3c0f3fd4ee1439563f50 Author: Benoit Tellier <[email protected]> AuthorDate: Thu Oct 8 12:48:29 2020 +0700 JAMES-1677 Upgrade default user password hashing algorithms The change is only applied to newly created users, no impact on existing users --- CHANGELOG.md | 1 + .../run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml | 2 +- dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml | 2 +- dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml | 2 +- dockerfiles/run/guice/memory/destination/conf/usersrepository.xml | 2 +- dockerfiles/run/spring/destination/conf/usersrepository.xml | 2 +- server/app/src/main/resources/usersrepository.xml | 2 +- .../main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java | 2 +- .../data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java | 2 +- .../src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java | 4 ++-- 10 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f87ace..51f48e3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@ Use BlobStore cache instead. - JAMES-3305 Avoid crashes upon deserialization issues when consuming RabbitMQ messages, leverage dead-letter feature - JAMES-3212 JMAP Handle subcrible/unsubcrible child's folder when update mailbox - JAMES-3416 Fix ElasticSearch email address search
+- JAMES-1677 Upgrade default hasing algorithm to SHA-512
 ### Removed - HybridBlobStore. This will be removed after 3.6.0 release. Introduced to fasten small blob access, its usage could be
diff --git a/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml b/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml
index 8b3e8e1..3a540c4 100644
--- a/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml
@@ -21,7 +21,7 @@ <!-- Read https://james.apache.org/server/config-users.html for further details --> <usersrepository name="LocalUsers">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
 <enableVirtualHosting>true</enableVirtualHosting> <enableForwarding>true</enableForwarding> </usersrepository>
diff --git a/dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml b/dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml
index 8b3e8e1..3a540c4 100644
--- a/dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/guice/cassandra/destination/conf/usersrepository.xml
@@ -21,7 +21,7 @@ <!-- Read https://james.apache.org/server/config-users.html for further details --> <usersrepository name="LocalUsers">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
 <enableVirtualHosting>true</enableVirtualHosting> <enableForwarding>true</enableForwarding> </usersrepository>
diff --git a/dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml b/dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml
index 8b3e8e1..3a540c4 100644
--- a/dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/guice/jpa/destination/conf/usersrepository.xml
@@ -21,7 +21,7 @@ <!-- Read https://james.apache.org/server/config-users.html for further details --> <usersrepository name="LocalUsers">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
 <enableVirtualHosting>true</enableVirtualHosting> <enableForwarding>true</enableForwarding> </usersrepository>
diff --git a/dockerfiles/run/guice/memory/destination/conf/usersrepository.xml b/dockerfiles/run/guice/memory/destination/conf/usersrepository.xml
index 8b3e8e1..3a540c4 100644
--- a/dockerfiles/run/guice/memory/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/guice/memory/destination/conf/usersrepository.xml
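Review bot: The sample dockerfiles/run/guice/cassandra-rabbitmq/destination/conf/usersrepository.xml gives an operator no hint that `<algorithm>` now governs only accounts created after the change. Per the commit message existing users are not touched, so their MD5 hashes stay in the store. I would add a comment next to the element, `<!-- Applies to newly created users only; existing password hashes are left as they are -->`. The same applies to the identical hunks for the cassandra, jpa, memory and spring Docker configurations and to server/app/src/main/resources/usersrepository.xml.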
@@ -21,7 +21,7 @@ <!-- Read https://james.apache.org/server/config-users.html for further details --> <usersrepository name="LocalUsers">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
 <enableVirtualHosting>true</enableVirtualHosting> <enableForwarding>true</enableForwarding> </usersrepository>
diff --git a/dockerfiles/run/spring/destination/conf/usersrepository.xml b/dockerfiles/run/spring/destination/conf/usersrepository.xml
index 55f617c..a32265b 100644
--- a/dockerfiles/run/spring/destination/conf/usersrepository.xml
+++ b/dockerfiles/run/spring/destination/conf/usersrepository.xml
@@ -19,7 +19,7 @@ --> <usersrepository name="LocalUsers" class="org.apache.james.user.jpa.JPAUsersRepository">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
 <enableVirtualHosting>true</enableVirtualHosting> </usersrepository>
diff --git a/server/app/src/main/resources/usersrepository.xml b/server/app/src/main/resources/usersrepository.xml
index ff34382..9552bc7 100644
--- a/server/app/src/main/resources/usersrepository.xml
+++ b/server/app/src/main/resources/usersrepository.xml
@@ -36,7 +36,7 @@ MD5, SHA-256, SHA-512, NONE --> <usersrepository name="LocalUsers" class="org.apache.james.user.jpa.JPAUsersRepository">
- <algorithm>MD5</algorithm>
+ <algorithm>SHA-512</algorithm>
 <enableVirtualHosting>true</enableVirtualHosting> <!-- User's name. Allow an user to access to the <a href="https://tools.ietf.org/html/rfc4616#section-2">impersonation command</a>, acting on the behalf of any user. -->
diff --git a/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java b/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
index a5dddb8..25689c2 100644
--- a/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
+++ b/server/data/data-cassandra/src/main/java/org/apache/james/user/cassandra/CassandraUsersDAO.java
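Review bot: In server/app/src/main/resources/usersrepository.xml the comment that closes just above the changed element still lists `MD5, SHA-256, SHA-512, NONE` as if they were equivalent choices. That is at odds with a commit whose purpose is to move the default away from MD5. The comment starts outside the hunk, so only its last line is visible. I would extend it with a sentence such as `MD5 and NONE are kept for compatibility with existing deployments and should not be chosen for new ones`.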
@@ -51,7 +51,7 @@ import com.google.common.base.Preconditions; import com.google.common.primitives.Ints; public class CassandraUsersDAO implements UsersDAO {
- private static final String DEFAULT_ALGO_VALUE = "SHA1";
+ private static final String DEFAULT_ALGO_VALUE = "SHA-512";
 private final CassandraAsyncExecutor executor; private final PreparedStatement getUserStatement;
diff --git a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java
index b8ba183..46e0b57 100644
--- a/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java
+++ b/server/data/data-jpa/src/main/java/org/apache/james/user/jpa/JPAUsersDAO.java
@@ -56,7 +56,7 @@ public class JPAUsersDAO implements UsersDAO, Configurable { @Override public void configure(HierarchicalConfiguration<ImmutableNode> config) {
- algo = config.getString("algorithm", "MD5");
+ algo = config.getString("algorithm", "SHA-512");
 } /**
diff --git a/server/data/data-memory/src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java b/server/data/data-memory/src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java
index 7f175f4..33e07d2 100644
--- a/server/data/data-memory/src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java
+++ b/server/data/data-memory/src/main/java/org/apache/james/user/memory/MemoryUsersDAO.java
@@ -39,12 +39,12 @@ public class MemoryUsersDAO implements UsersDAO, Configurable { MemoryUsersDAO() { this.userByName = new HashMap<>();
- this.algo = "MD5";
+ this.algo = "SHA-512";
 } @Override public void configure(HierarchicalConfiguration<ImmutableNode> config) {
- algo = config.getString("algorithm", "MD5");
+ algo = config.getString("algorithm", "SHA-512");
 } public void clear() {
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
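Review bot: `DEFAULT_ALGO_VALUE = "SHA-512"` in CassandraUsersDAO still names a plain message digest, and a single pass of a fast hash stays cheap to brute-force offline if the user table leaks, whatever its output length. The hunk does not show how the value is consumed, so whether a per-user salt or an iteration count is applied cannot be confirmed from here. If neither is, a salted, iterated scheme would be the durable fix (the JDK ships PBKDF2 through `javax.crypto.SecretKeyFactory`). Until then I would mark the constant with `// Interim default: still a single fast digest; replace with a salted, iterated password hash`. The same applies to the `"SHA-512"` defaults in JPAUsersDAO and MemoryUsersDAO.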
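Review bot: `configure` in JPAUsersDAO accepts whatever string the `algorithm` element holds. A deployment whose own usersrepository.xml still carries `<algorithm>MD5</algorithm>` or `NONE` therefore keeps creating weak hashes after this upgrade, and nothing reports it. A startup warning for those values would make the remaining exposure visible, for example `if ("MD5".equals(algo) || "NONE".equals(algo)) { LOGGER.warn("Weak password hashing algorithm configured: {}", algo); }`, assuming the class has an SLF4J logger, which the hunk does not show. MemoryUsersDAO.configure has the same line and would take the same check.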
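Review bot: MemoryUsersDAO now spells the literal `"SHA-512"` twice, in the constructor and in `configure`, and the same default is repeated in JPAUsersDAO and CassandraUsersDAO, so the next algorithm upgrade again has to find every copy. A constant mirroring the Cassandra one, `private static final String DEFAULT_ALGO_VALUE = "SHA-512";`, used as `this.algo = DEFAULT_ALGO_VALUE;` and `config.getString("algorithm", DEFAULT_ALGO_VALUE)`, keeps the two sites in step. The class body continues outside the hunk.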
