[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12552656 ]

Marco Risaliti commented on OFBIZ-1151:
---------------------------------------

Sorry Jacques,

I have not seen that it was a grouped bugs. In this case I have used to set in the grouped bugs the sum of the components used by detailed issues. I didn't like unknown components. Otherwise we can add a new fictitious component - GROUPED ISSUES - and assign this component to this type of issue.

Thanks
Marco

> Passwords are not seeded
> ------------------------
>
> Key: OFBIZ-1151
> URL: https://issues.apache.org/jira/browse/OFBIZ-1151
> Project: OFBiz
> Issue Type: Improvement
> Components: party
> Affects Versions: SVN trunk, Release Branch 4.0
> Reporter: Wickersheimer Jeremy
> Assignee: Jacques Le Roux
> Priority: Minor
>
> Passwords are currently hashed but not seeded which may be a security issue.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12552929 ]

Jacques Le Roux commented on OFBIZ-1151:
----------------------------------------

Marco,

Do you know how to create a new component in Jira? I never tried.

[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12553256 ]

Marco Risaliti commented on OFBIZ-1151:
---------------------------------------

Hi Jacques,

I have not the grant to the administration of JIRA and so I cannot help you on how to create a new component.

Thanks
Marco

[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12553397 ]

Jacques Le Roux commented on OFBIZ-1151:
----------------------------------------

Marco,

Done, was a good idea, at least I hope everybody will think so.

[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12553492 ]

Marco Risaliti commented on OFBIZ-1151:
---------------------------------------

Also I like this workaround to see how many INCORPORATING ISSUE are active. Before switching the other INCORPORATING ISSUE to this new fictitious component I will wait for some other feedback from others.

Thanks
Marco

[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-1151:
-----------------------------------

Issue Type: Sub-task (was: Improvement)
Parent: OFBIZ-1525

[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12707707#action_12707707 ]

Jacques Le Roux commented on OFBIZ-1151:
----------------------------------------

Maybe we should just provide a salting mechanism with clear explanations. I mean OFBiz passwords salted OOTB but only as a demonstration and clear explanations about not only changing passwords (as it's already done for admin password) but also salt string. Maybe Michael Jensen's idea of colon separating password and salt could be used?

I also remember the idea of having a salt string only related to the password at hand (to avoid easy hack if the salt is discovered by a way or another...), this is also called random salt (the alternative being static salt). But obviously this introduces a new breach as you have to store also the random salt. Except if you use a part of the record only *you* know (for instance a part of the creation date field, etc.)

My 2cts

Jacques

[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12858370#action_12858370 ]

Adam Heath commented on OFBIZ-1151:
-----------------------------------

I actually have a patch for this now. Existing database entries will continue to work, while changing a password will end up being salted.

The salt is randomly generated each and every time a password is hashed. There is no globally shared salt at any point. The length of the salt is from 1 to 16 chars, and the content is also random.
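
The behaviour described in the comment above (old unsalted rows still verify, a password change writes a row with its own random salt) can be sketched as follows; this is an added example, not Adam Heath's patch and not OFBiz code. The `$salted$` storage format, the class and method names, SHA-256 and the fixed 16-byte salt are all assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SaltedPasswordDemo {
    static final String PREFIX = "$salted$"; // assumed marker for new-style rows
    static byte[] sha256(byte[] salt, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt); // an empty salt reproduces the legacy unsalted digest
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }
    // Legacy row: hex of the unsalted digest, so equal passwords give equal rows.
    static String hashLegacy(String password) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : sha256(new byte[0], password)) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // New row: fresh random salt per call (fixed 16 bytes here), stored beside the digest.
    static String hashSalted(String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return PREFIX + b64.encodeToString(salt) + "$" + b64.encodeToString(sha256(salt, password));
    }

    // Accept both formats so existing database entries keep working.
    static boolean verify(String stored, String password) throws Exception {
        if (!stored.startsWith(PREFIX)) {
            return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                    hashLegacy(password).getBytes(StandardCharsets.UTF_8));
        }
        String[] parts = stored.split("\\$"); // "", "salted", salt, digest
        if (parts.length != 4) return false;
        Base64.Decoder b64 = Base64.getDecoder();
        return MessageDigest.isEqual(b64.decode(parts[3]), sha256(b64.decode(parts[2]), password));
    }
    public static void main(String[] args) throws Exception {
        String pw = "demo-password"; // constructed sample value
        String legacyRow = hashLegacy(pw);
        System.out.println("legacy row still verifies: " + verify(legacyRow, pw));
        System.out.println("legacy rows identical:     " + legacyRow.equals(hashLegacy(pw)));
        String a = hashSalted(pw), b = hashSalted(pw); // rows written on password change
        System.out.println("salted rows differ:        " + !a.equals(b));
        System.out.println("salted rows verify:        " + (verify(a, pw) && verify(b, pw)));
        System.out.println("wrong password rejected:   " + !verify(a, "other-password"));
    }
}
```

The salt is stored in the clear next to the digest: its job is to make every row's hash unique so one precomputed table cannot be reused across accounts, which does not require it to be secret.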

[ https://issues.apache.org/jira/browse/OFBIZ-1151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12895313#action_12895313 ]

Martin Kreidenweis commented on OFBIZ-1151:
-------------------------------------------

Adam, great news about the patch. Where can I get it? :)

Thanks
Martin