Re: svn commit: r1770621 [1/5] - in /ofbiz/trunk/specialpurpose/pricat: ./ config/ data/ entitydef/ groovyScripts/ groovyScripts/pricat/ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/

2016-12-05 Thread Shi Jinghai
Thank you Jacques! I committed a fix to the 2 bugs in rev. 1772689. Kind Regards, Shi Jinghai -邮件原件- 发件人: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com] 发送时间: 2016年12月5日 18:22 收件人: dev@ofbiz.apache.org 主题: Re: svn commit: r1770621 [1/5] - in /ofbiz/trunk/specialpurpose/pricat:

Re: Replace password encryption SHA-1 by SHA-512

2016-12-05 Thread Jacques Le Roux
Thanks Jinghai, indeed Argon does not seems to be implemented in available JDKs, maybe later... Jacques Le 05/12/2016 à 15:48, Shi Jinghai a écrit : Hi Jacques, Personally I'd prefer PBKDF2 rather than Argon, because the encrypt of PBKDF2 is done by JDK, I don't know whether Argon has been

Re: Replace password encryption SHA-1 by SHA-512

2016-12-05 Thread Shi Jinghai
Hi Jacques, Personally I'd prefer PBKDF2 rather than Argon, because the encrypt of PBKDF2 is done by JDK, I don't know whether Argon has been supported by JDK. Kind Regards, Shi Jinghai -邮件原件- 发件人: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com] 发送时间: 2016年12月5日 22:24 收件人: dev@o

Replace password encryption SHA-1 by SHA-512

2016-12-05 Thread Jacques Le Roux
Hi, At https://issues.apache.org/jira/browse/OFBIZ-8537 Junyuan has contributed a new PBDKF2_SHA* one way encryption for password At http://svn.apache.org/viewvc?rev=1772589&view=rev Jinghai has committed it, I made few remarks on this commit, one of this comment was also discussed in the Jira

Re: Proposal to remove excess runtime libraries

2016-12-05 Thread Jacques Le Roux
Le 05/12/2016 à 14:04, Jacopo Cappellato a écrit : On Sat, Dec 3, 2016 at 8:28 AM, Taher Alkhateeb wrote: I would like to propose deleting the following libraries from build.gradle ... Should I go ahead? opinions? I would go ahead: I suspect that they these declarations are redundant because

Re: Proposal to remove excess runtime libraries

2016-12-05 Thread Jacopo Cappellato
On Sat, Dec 3, 2016 at 8:28 AM, Taher Alkhateeb wrote: > I would like to propose deleting the following libraries from build.gradle > ... > Should I go ahead? opinions? > I would go ahead: I suspect that they these declarations are redundant because they can now be resolved by Gradle. Jacopo

Re: svn commit: r1772589 - in /ofbiz/trunk/framework: base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java security/config/security.properties security/data/PasswordSecurityDemoData.xml secu

2016-12-05 Thread Shi Jinghai
Thank you Nicolas! Agree better to use StringBuilder here. Cheers, -邮件原件- 发件人: Nicolas Malin [mailto:nicolas.ma...@nereide.fr] 发送时间: 2016年12月5日 16:44 收件人: dev@ofbiz.apache.org 主题: Re: svn commit: r1772589 - in /ofbiz/trunk/framework: base/src/main/java/org/apache/ofbiz/base/crypto/HashC

Re: svn commit: r1772589 - in /ofbiz/trunk/framework: base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java security/config/security.properties security/data/PasswordSecurityDemoData.xml secu

2016-12-05 Thread Jacques Le Roux
Why not changing other admin logins pwd encryption? Production sites should not use this pwd anyway (even if they are based on trunk). We need to provide a simple mean to increase the currentPassword field size. Could be as simple as an entry in https://cwiki.apache.org/confluence/display/OFBI

Re: svn commit: r1770621 [1/5] - in /ofbiz/trunk/specialpurpose/pricat: ./ config/ data/ entitydef/ groovyScripts/ groovyScripts/pricat/ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/

2016-12-05 Thread Jacques Le Roux
Hi Shi, I just noticed EXCELIMPORT_USERLOGIN is 3 chars too long, EXCELIMPORT_USERLG would work Also there is a RelationNameNotUnique in same place. You should use titles (look for "title" in https://cwiki.apache.org/confluence/display/OFBIZ/Entity+Engine+Guide) like in

Re: Proposal to remove excess runtime libraries

2016-12-05 Thread Jacques Le Roux
Hi Taher, I'd say it's not a big risk to remove them if it works on your side. As you said, in case of issue a missing lib can easily be introduced. I just wondered about: * 'org.apache.tomcat.extras:tomcat-extras-juli-adapters:8.0.39' It's an adapters to plug in other logging frameworks in

Re: svn commit: r1772589 - in /ofbiz/trunk/framework: base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java security/config/security.properties security/data/PasswordSecurityDemoData.xml secu

2016-12-05 Thread Nicolas Malin
hello Shi I think it's better to use a StringBuilder to build this. Cheers, Nicolas Le 05/12/2016 à 02:32, sh...@apache.org a écrit : +return pbkdf2Type + "$" + PBKDF2_ITERATIONS + "$" + salt + "$" + new String(hash);