--
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to lif...@googlegroups.com.
To unsubscribe from this group, send email to liftweb+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.
> Looking into this is on my todo list. You can create an Assembla ticket and
> assign it to me if you'd like.
I created a ticket for this awhile ago:
https://www.assembla.com/spaces/liftweb/tickets/937-passwordfield-not-storing-salt
. I resurrected the ticket and assigned it to you.
Thanks a lot.
- Mahmood
Sounds good to me. So Tim, you can verify that changing the hash method won't affect the mongo modules? I tend to agree with Ján that it's too broken as is to be used, but It can't hurt to be sure. I feel like when I originally looked into this I found that PasswordField is used within ProtoUser. Does mongo have a proto user implementation?
Hi Ján,
To unsubscribe from this group, send email to liftwe...@googlegroups.com.
To post to this group, send email to lif...@googlegroups.com.--
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group, send email to liftwe...@googlegroups.com.
To post to this group, send email to lif...@googlegroups.com.--
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group, send email to liftwe...@googlegroups.com.
Hi Ján,
To unsubscribe from this group, send email to liftwe...@googlegroups.com.
To post to this group, send email to lif...@googlegroups.com.--
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group, send email to liftwe...@googlegroups.com.
To post to this group, send email to lif...@googlegroups.com.--
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group, send email to liftwe...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to lif...@googlegroups.com.
To unsubscribe from this group, send email to liftweb+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.
It'd be ideal if:
- The same code us used in MappedPassword and Record's password used the same mechanism (bcrypt)
- The Mapper code was a seamless transition from the current hash mechanism to a new hash mechanism such that passwords currently stored will still work and passwords stored with the new bcrypt work
On Apr 28, 2011, at 19:45 , David Pollak wrote:It'd be ideal if:
- The same code us used in MappedPassword and Record's password used the same mechanism (bcrypt)
I agree, but is it necessary for this to be done at the same time if Record's password doesn't work at all currently? My suggestion was, that if Dave was about to fix it, it'd be wise to already implement bcrypt and not to bother with SHA any more
- The Mapper code was a seamless transition from the current hash mechanism to a new hash mechanism such that passwords currently stored will still work and passwords stored with the new bcrypt work
As far as I understand MappedPassword code, it shouldn't be difficult: checking if salt field is empty (bcrypt has salt included in a hash) or checking if hash starts with $2$ or $2a$ will determine that it's bcrypt hash. Adding to that, I'd suggest, that if SHA password is detected, after successful authentication it should be replaced by a bcrypt hash right away. We shouldn't wait for users to actually change the password, they don't do that very often.
Hi David,Yes, I agree proper IP rights are management are important to any project success. But there is nothing holding back for a person who has a solution and willing to assign the rights (which I am always willing to). Whenever I use a open source application I am always willing to give back and I plan to give back to lift too over the coming years!
I agree 200% with your words David... And I plan to do all that ! It was just this one thing that can I think I can contribute to so I offered help.
I am doing this project to smooth the ramp for newbie's to start with!
I have worked with javaee for life... Rugby in past... Working on Grails... Made some very minor contribution to it too...
I strongly feel that if we ease the ramp up for newbies like me we will see much more happening in the community and much better apps coming in the world :)
I am a thick skinned, upfront and very very stubborn guy... So you will be seeing my code coming in the lift repo sooner than later!
I haven't seen any project discouraging contributions so proactively! But that's my opinion that I feel we can improve on. Not criticism!
Cheers,
Rohit
On Fri, Jun 3, 2011 at 6:23 AM, Rohit Rai <ro...@tingendab.com> wrote:Hi David,Yes, I agree proper IP rights are management are important to any project success. But there is nothing holding back for a person who has a solution and willing to assign the rights (which I am always willing to). Whenever I use a open source application I am always willing to give back and I plan to give back to lift too over the coming years!
The first and most important part of contributing to Lift is contributing to the community. Helping people on this list is the first and most important criteria for being a Lift committer. The next criteria is committing to stick around the community and support any code that you contribute. The third most important thing is writing quality code.
I'm sorry the PasswordField thing is blocking you right now. I'm also more globally sorry about the state of the Record APIs... they really are not unified across the drivers. I'm hoping David has a good 3-4 days over the next development cycle to unify some of the APIs and to address some of the more glaring issues.