Ids Braam wrote:
> I was creating a special tag to check if a string is the same as the
> hash of the password of the user (which was collected from the database).
> As I tried this it's kinda hard to check this. I tried to use the
> org.mmbase.security.implementation.cloudcontext.builders.Users.encode
> function but this one was protected. (I used the following code, don't
> know if it's the correct way). Is there a special reason this was
> protected?
We make anything private/protected which has no reason to be public...
It's completely unclear to me why you want to do this, so I can't say if
this could simply be changed for your sake.
> org.mmbase.security.implementation.cloudcontext.builders.Users encoder =
> (org.mmbase.security.implementation.cloudcontext.builders.Users)
> mmb.getBuilder("mmbaseusers");
It's a bit odd to call a builder 'encoder'?
> I solved it using the md5 transformer, but if the password
> hashing method is changed by a admin my code doesn't get the correct
> transformer to hash the passwords. So I would like to use the Users.encode
> function. Is this possible, should I use an other function to encode the
> passwords or do I have to implement my own method of changing hashes?
IIRC the used hashing method 'md5'is simply configured in the the
builder xml, and perhaps you mean that by the admin changing the hashing
method?.
Actually I think that that simply should never happen, and would prefer
to drop the entire method..., why would the admin do that? It would
invalidate all accounts, for which - if that is indeed the intention - I
suppose there are other methods like dropping all records, or changing
all statuses.
Michiel
--
Michiel Meeuwissen mihxil'
Mediacentrum 140 H'sum [] ()
+31 (0)35 6772979 nl_NL eo_XX en_US
_______________________________________________
Developers mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/developers
