Re: svn commit: r1772589 - in /ofbiz/trunk/framework: base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java security/config/security.properties security/data/PasswordSecurityDemoData.xml security/entitydef/entitymodel.xml

hello Shi

I think it's better to use a StringBuilder to build this.

Cheers,
Nicolas
Le 05/12/2016 à 02:32, [hidden email] a écrit :
> +            return pbkdf2Type + "$" + PBKDF2_ITERATIONS + "$" + salt + "$" + new String(hash);

Why not changing other admin logins pwd encryption? Production sites should not use this pwd anyway (even if they are based on trunk).

We need to provide a simple mean to increase the currentPassword field size.

Could be as simple as an entry in https://cwiki.apache.org/confluence/display/OFBIZ/Revisions+Requiring+Data+Migration+-+upgrade+ofbiz

with ALTER TABLE UserLogin ALTER COLUMN currentPassword varchar(255)

Also nitpicking but I see no reasons to have blank lines between privates in HashCrypt ;)

Jacques


Le 05/12/2016 à 09:44, Nicolas Malin a écrit :

Thank you Nicolas! Agree better to use StringBuilder here.

Cheers,

-----邮件原件-----
发件人: Nicolas Malin [mailto:[hidden email]]
发送时间: 2016年12月5日 16:44
收件人: [hidden email]
主题: Re: svn commit: r1772589 - in /ofbiz/trunk/framework: base/src/main/java/org/apache/ofbiz/base/crypto/HashCrypt.java security/config/security.properties security/data/PasswordSecurityDemoData.xml security/entitydef/entitymodel.xml

hello Shi

I think it's better to use a StringBuilder to build this.

Cheers,
Nicolas
Le 05/12/2016 à 02:32, [hidden email] a écrit :
> +            return pbkdf2Type + "$" + PBKDF2_ITERATIONS + "$" + salt + "$" + new String(hash);