Passwords in Lift Record

[Mahmood Ali]

Greetings,

In my latest project, I've been trying to use the record's ProtoUser
(along with MappedPassword) with lift-mongo-record. I think I may
have discovered a bug and a limitation:

1. PasswordField doesn't get persisted and loaded properly: Only
PasswordField's value is stored, without the associated salt. A
unique random salt is generated in every instance of MappedPassword
and every load of the instance from the DB, rendering
MappedPassword.match_? useless. Also, when loading MappedPassword
re-hashes the value found in the database again.

You can find some test cases for this at
https://gist.github.com/872498 . All of the cases are failing now,
with Lift 2.2.

2. Mongo Record (lift-mongodb-record) comes with its own
MongoPasswordField that is incompatible with PasswordField. Would it
be possible to have MongoPasswordField extends PasswordField?
MongoPasswordField is missing quite a bit of other's functionality.

Thanks in advanced,
Mahmood

[David Whittaker]

Mahmood,

I came across this problem myself yesterday evening and replied to an older thread about it: http://groups.google.com/group/liftweb/browse_thread/thread/6e7df1bf573e9716/dbd9850d0e59e646?lnk=gst&q=salt+close+to+it%27s+chest#dbd9850d0e59e646.

--
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to lif...@googlegroups.com.
To unsubscribe from this group, send email to liftweb+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.

[Mahmood Ali]

Greetings,

> I came across this problem myself yesterday evening and replied to an older
> thread about it

I see. I'm not the only one facing the issue. I opened Ticket #937
[1] for this issue.

- Mahmood

[1] https://www.assembla.com/spaces/liftweb/tickets/937-passwordfield-not-storing-salt