On Thu, 14 Apr 2005, Michiel Meeuwissen wrote:
Ids Braam wrote:I was creating a special tag to check if a string is the same as the hash of the password of the user (which was collected from the database). As I tried this it's kinda hard to check this. I tried to use the org.mmbase.security.implementation.cloudcontext.builders.Users.encode function but this one was protected. (I used the following code, don't know if it's the correct way). Is there a special reason this was protected?
We make anything private/protected which has no reason to be public...
It's completely unclear to me why you want to do this, so I can't say if this could simply be changed for your sake.
I wanted to do this so I could hash a string using the default hash method. (set by the admin during install). I was implementing a tag to compare a user given string with the stored password in mm_mmbaseusers table (we are using cloudcontext security). But I couldn't find a way to do this, so I tried using this builder. Is there a easier way to hash a string using the default hash method?
org.mmbase.security.implementation.cloudcontext.builders.Users encoder = (org.mmbase.security.implementation.cloudcontext.builders.Users) mmb.getBuilder("mmbaseusers");
It's a bit odd to call a builder 'encoder'?
Yeah, doh. The encoder name was from an old piece of code that wouldn't work that I changed. Sorry, that 'encoder' should of course be 'builder'.
I solved it using the md5 transformer, but if the password hashing method is changed by a admin my code doesn't get the correct transformer to hash the passwords. So I would like to use the Users.encode function. Is this possible, should I use an other function to encode the passwords or do I have to implement my own method of changing hashes?
IIRC the used hashing method 'md5'is simply configured in the the builder xml, and perhaps you mean that by the admin changing the hashing method?.
Jep, if the admin changes the hash method (during install) then my code (which depends on the admin choosing md5 as hash method, and simply uses a md5 transformer) fails. So my main question is, is there a way to hash strings using the default hash method set in the builder? Right now I couldn't find a way to do this nicely. I tried using the cloudcontext.builders.Users builder, which has an encode function (which should work). But that function has an protected status. So that's why I asked about the protected status.
Actually I think that that simply should never happen, and would prefer to drop the entire method..., why would the admin do that? It would invalidate all accounts, for which - if that is indeed the intention - I suppose there are other methods like dropping all records, or changing all statuses.
Well, the admin would do this during install of the system, before the system goes live. Perhaps if md5 is cracked or higher security is needed. It isn't very likely this happens, but I was just wondering how to do this the nice way.
-- Ids Braam _______________________________________________ Developers mailing list [email protected] http://lists.mmbase.org/mailman/listinfo/developers
