>-----Original Message-----
>From: Ciancetta, Jesse E. [mailto:[email protected]]
>Sent: Monday, August 08, 2011 8:40 AM
>To: [email protected]
>Subject: RE: [discuss] hashing, salting, and initial_data.sql
>
>>-----Original Message-----
>>From: Marlon Pierce [mailto:[email protected]]
>>Sent: Thursday, August 04, 2011 4:53 PM
>>To: [email protected]
>>Subject: [discuss] hashing, salting, and initial_data.sql
>>
>>I'm looking at hashing and salting passwords stored in Rave's database. This
>>works fine for new user accounts, but the demo accounts (canonical,
>>john.doe, etc) are a problem because they are inserted directly into the DB by
>>DataSourcePopulator.java by reading initial_data.sql. It would be possible to
>>grok the "@user_id_" lines from initial_data.sql and hash the passwords there
>>in SqlFileParser.java before inserting in the DB, but this would be an ugly and
>>fragile hack.
>>
>>
>>Other suggestions? Should we populate the database of demo users through
>>JPA instead of inserting directly via SQL commands?
>
>Is there some reason you can't salt and hash the passwords for the demo
>accounts manually and then insert the pre-salted/hashed values directly into
>the initial_data.sql file (with a comment block explaining what's being done
>and what the actual passwords are)?

+1 It's only demo data :)

>
>Admittedly not the most elegant solution, but seems good enough for what
>we need to do.

So long as it is working when users change/create their passwords, I think this solution is perfectly fine.

>>
>>Marlon
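The approach agreed on in this thread, precomputing salted hashes for the demo accounts and pasting them into the seed file under a comment block, sketched as an added example that is not part of the original thread or Rave's code. It assumes PBKDF2-HMAC-SHA256 (the thread names no algorithm), a hypothetical `@<user>_password` variable layout for initial_data.sql, and constructed demo passwords.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; the thread does not give one
# Constructed demo credentials; the real demo passwords are not in the thread.
DEMO_ACCOUNTS = [("canonical", "demo-password-1"), ("john.doe", "demo-password-2")]


def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>' for storage."""
    salt = os.urandom(16) if salt is None else salt  # fresh salt per account
    fields = (salt, _derive(password, salt, ITERATIONS))
    encoded = [base64.b64encode(f).decode("ascii") for f in fields]
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, *encoded)


def verify_password(password, stored):
    """Check a login attempt against a stored value, seeded or app-created."""
    try:
        scheme, iterations, salt_b64, hash_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        actual = _derive(password, salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed value, e.g. a row still holding plaintext
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(actual, expected)


def seed_sql(accounts):
    """Render the comment block and one variable per demo account."""
    lines = ["-- Demo accounts only: passwords below are stored salted and hashed.",
             "-- Plaintext is listed so the demo logins stay usable."]
    for username, password in accounts:
        var = "@{}_password".format(username.replace(".", "_"))  # hypothetical name
        lines.append("-- {} / {}".format(username, password))
        lines.append("set {} = '{}';".format(var, hash_password(password)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(seed_sql(DEMO_ACCOUNTS))
```

Because seeded rows and application-created rows share one stored format, the same `verify_password` path handles both, which is the condition the reply sets for accepting the manual approach.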
