[ https://issues.apache.org/jira/browse/DERBY-4483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12841979#action_12841979 ]

Rick Hillegas commented on DERBY-4483:
--------------------------------------

Hi Knut,

Thanks for the experiment.patch increment. I had a couple polishing issues:

o Thanks for the extensive write-up explaining how the new code works. It would 
be helpful if that writeup were included in a header comment somewhere.

o I did not understand why the prefixes 3b60 and 3b61 were chosen to flag 
authentication schemes. Since you have been in there and probably understand 
why those strings are used rather than some other strings, it would be helpful 
if you could record that reasoning in a comment.

o The symbol name ID_PATTERN_NEW_SCHEME suggests that there is an even older 
scheme which might still be used in really old databases. Is that possible? If 
so, does BasicAuthenticationServiceImpl.encryptPasswordUsingStoredAlgorithm() 
need to handle another case? If not, it would be less confusing if this symbol 
were renamed so that it did not suggest an impossible situation to unwary 
readers like me.

o If AuthenticationServiceBase.encryptPassword() really is only used by the 
newly introduced configurable scheme, it would be helpful if the name of this 
method indicated that.

o I agree that it would be good to add a more specific error message in that 
method.

Thanks,
-Rick

> Provide a way to change the hash algorithm used by BUILTIN authentication
> -------------------------------------------------------------------------
>
>                 Key: DERBY-4483
>                 URL: https://issues.apache.org/jira/browse/DERBY-4483
>             Project: Derby
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 10.5.3.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>            Priority: Minor
>         Attachments: experiment.diff, upgrade-test.diff
>
>
> The BUILTIN authentication scheme protects the passwords by hashing them with 
> the SHA-1 algorithm. It would be nice to have a way to specify a different 
> algorithm so that users can take advantage of new, stronger algorithms 
> provided by their JCE provider if so desired.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
