I am looking to be able to salt passwords, and checked to see if Turbine supports this already. My search led me to a patch proposal on the dev list (http://archives.apache.org/eyebrowse/ReadMsg?[EMAIL PROTECTED] pache.org&msgId=260787) that seemed to do exactly what I needed (that is, add a "salt" argument to SecurityService.encryptPassword).

Looking at the CVS archive, I see that this Cryptoservice proposal was made "part of Fulcrum" in July 02. Looking at the Fulcrum JavaDocs, however, it appears that the parts of the proposal I liked (support of salt in the security interface) seem to have been abandoned within org.apache.fulcrum.crypto. This service seems to be responsible only for generic encryption. Fulcrum also offers a SecurityService interface and a BaseSecurityService, but these seem to be nearly identical to the ones in Turbine 2.2, rather than using an encryptPassword method with a salt argument (or even the crypto service).

It looks a bit like the original patch proposal was more interested in using crypt(0) than in salting passwords, so I get the feeling I'm projecting my desires onto it. Am I correct in assuming that the final version of the CryptoService differed in purpose from the original proposal?

I also can't seem to find anything that actually uses org.apache.fulcrum.crypto in Turbine 2.2. Did Turbine 2.2 ever make use of it? I guess I'm a little unclear as to what following the howto for configuration actually does for you. I guess this just lets you use the service, but the configuration doesn't actually make Turbine use it by default. Is that right?

Thanks,
Wordman
