-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm looking at hashing and salting passwords stored in Rave's database. This works fine for new user accounts, but the demo accounts (canonical, john.doe, etc) are a problem because they are inserted directly into the DB by DataSourcePopulator.java by reading initial_data.sql. It would be possible to grok the "@user_id_" lines from initial_data.sql and hash the passwords there in SqlFileParser.java before inserting in the DB, but this would be an ugly and fragile hack.
Other suggestions? Should we populate the database of demo users through JPA instead of inserting directly via SQL commands? Marlon -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOOwatAAoJEEfVXEODPFIDwLsH/iH9J4zxEsPsuRigckvkAual BmhJqpzZtB6KCJ5DnzwwQqTRsbJ5QoO8hlwLyTzNTZMkbU6zhsn6P33Wxh41WkEq hLe9ufvbUPjFsquK+1l5gYIiuDt0nW7S2C6qstycJ9ReA2QaYn4iz+7O7w73DwYx h6FxB3lM7vVXfdX9zVpBR2TPirBCjuDKJk0m7kGgspYqZ58cUZqlv08EniPhab7N +Qj793UVxogpqJ1PyoFwr4Q/oyYdGOHIUDu4WhkxIPXC6fzr4BL3LuCb3NmNcCBi puCQGR4sQ0r4VVfJke1U3umTN/0DGV65Ya89HyBFdhr87engTD/laCPdEEKU3N4= =Mj94 -----END PGP SIGNATURE-----
