Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-11-05 Thread Mark H. Wood
On Mon, Nov 05, 2012 at 05:17:06PM +0500, Umair Kayani wrote: I tried implementing the PasswordHash.java file but it threw me with an error that is invalid column salt. Can you tell me where I am mistaken and secondly since I am new to use eclipse so can you help me as how can I debug the

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-11-01 Thread João Melo
Kayani -Original Message- From: ivan.ma...@gmail.com [mailto:ivan.ma...@gmail.com] On Behalf Of helix84 Sent: Wednesday, October 31, 2012 5:26 PM To: Umair Kayani Cc: dspace-tech@lists.sourceforge.net Subject: [?? Probable Spam] Re: [Dspace-tech] Application Security details of dspace

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-11-01 Thread helix84
On Thu, Nov 1, 2012 at 9:24 AM, Umair Kayani ukay...@niftetrust.com wrote: Helix, Using SSL was our backup plan. DSpace keeps the hash of the password in database so I was wondering at what servlet this change occur. If request is going with clear password then it must be converting it to

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-11-01 Thread Umair Kayani
...@gmail.com] On Behalf Of helix84 Sent: Thursday, November 01, 2012 3:34 PM To: Umair Kayani Cc: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] Application Security details of dspace 1.8.2 On Thu, Nov 1, 2012 at 9:24 AM, Umair Kayani ukay...@niftetrust.com wrote: Helix, Using SSL

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-11-01 Thread Umair Kayani
: Re: [Dspace-tech] Application Security details of dspace 1.8.2 Hi, DSpace Eperson password hash: https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/eperson/PasswordHash.java Hashing the eperson password for storing purposes only allows one to secure

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-11-01 Thread helix84
On Thu, Nov 1, 2012 at 12:15 PM, Umair Kayani ukay...@niftetrust.com wrote: Actually we surely implement SSL but we also want our password be saved in hashed form using SHA variants or some other algorithm whatever we like to use rather than using dspace default hashing algorithm. Why didn't you

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-11-01 Thread Umair Kayani
Security details of dspace 1.8.2 On Thu, Nov 1, 2012 at 12:15 PM, Umair Kayani ukay...@niftetrust.com wrote: Actually we surely implement SSL but we also want our password be saved in hashed form using SHA variants or some other algorithm whatever we like to use rather than using dspace

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-10-31 Thread helix84
On Wed, Oct 31, 2012 at 1:03 PM, Umair Kayani ukay...@niftetrust.com wrote: What I want is to make my login password encrypted without deploying SSL certificate (without going on to https). What I investigated so far is that my password travels in plain text on the network which is a security

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-10-31 Thread helix84
Please note that a self-signed server certificate is perfectly fine for this purpose (end-to-end encryption without authenticating that the server is who it claims to be) and your custom solution would do exactly that. Regards, ~~helix84

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-10-31 Thread Hilton Gibson
Here is a step-by-step procedure to secure your logins via HTTPS: http://wiki.lib.sun.ac.za/index.php/SUNScholar/Secure_Internet_Connections On 31 October 2012 14:28, helix84 heli...@centrum.sk wrote: Please note that a self-signed server certificate is perfectly fine for this purpose

[Dspace-tech] Application Security details of dspace 1.8.2

2012-10-30 Thread Umair Kayani
Can anyone share what are the application security details that dspace is following. Since this is an open source so I want to make sure that application level security is strict enough for the hackers to chip in. In case of password based authentication which hashing algorithm it is following

Re: [Dspace-tech] Application Security details of dspace 1.8.2

2012-10-30 Thread helix84
On Tue, Oct 30, 2012 at 12:00 PM, Umair Kayani ukay...@niftetrust.com wrote: Can anyone share what are the application security details that dspace is following. Since this is an open source so I want to make sure that application level security is strict enough for the hackers to chip in. Can