Turbine 2.2 makes no use of Fulcrum. Turbine 2.3 does not use Fulcrum either.
I know nothing about the crypto service or the proposals that went around about that topic. That might be a good question for the turbine-dev list. Given that it does not appear that the current plans for Turbine will the include use of Fulcrum in the near future, I would suggest that you refactor the code from Fulcrum into Turbine 2.3. This should be a fairly painless process... Then implement your needs for the salting. If you need help with this effort, the people on the dev list should be willing to help you out. Once you are done, you can submit the crypto service for inclusion into Turbine 2.3. > -----Original Message----- > From: Lester Ward [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 10, 2003 9:37 AM > To: Turbine User Mailing List (E-mail) > Subject: Current state of CryptoService? > > > I am looking to be able to salt passwords, and checked to see > if Turbine supports this already. My search led me to a patch > proposal on the dev list > (http://archives.apache.org/eyebrowse/ReadMsg?listName=turbine > [EMAIL PROTECTED] > pache.org&msgId=260787) that seemed to do exactly what I > needed (that is, add a "salt" argument to > SecurityService.encryptPassword). > > Looking at the CVS archive, I see that this Cryptoservice > proposal was made "part of Fulcrum" in July 02. > > Looking at the Fulcrum JavaDocs, however, it appears that the > parts of the proposal I liked (support of salt in the > security interface) seem to have been abandoned within > org.apache.fulcrum.crypto. This service seems to be > responsible only for generic encryption. Fulcrum also offers > a SecurityService interface and a BaseSecurityService but > these seem to be nearly identical to the ones in Turbine 2.2, > rather than using an encryptPassword method with a salt > argument (or even the crypto service). > > It looks a bit like the original patch proposal was more > interested in using > crypt(0) than in salting passwords, so I get the feeling I'm > projecting my desires onto it. Am I correct in assuming that > the final version of the CryptoService differed in purpose > from the original proposal? > > I also can't seem to find anything that actually uses > org.apache.fulcrum.crypto in Turbine 2.2. Did Turbine 2.2 > ever make use of it? I guess I'm a little unclear as to what > following the howto for configuration actually does for you. > I guess this just lets you use the service, but the > configuration doesn't actually make Turbine use it by > default. Is that right? > > Thanks, > Wordman > > -- > To unsubscribe, e-mail: > <mailto:turbine-user-> [EMAIL PROTECTED]> > For > additional commands, > e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
