SSL, EZproxy and DVN password storage

[Joerg Messer]

Greetings,

We're currently running DVN without using SSL.  We hope to change this soon and I was wondering if anyone knows of any issues using SSL with EZproxy authentication? Until Shib becomes an option, EZproxy is essential for us. 

On a somewhat related note, could someone tell me how DVN passwords are stored in the database (text, hash, hash+, etc)?  We've had a query from our Privacy Impact Assessment Office. 

//Joerg Messer (UBC Library)

[Philip Durbin]

Sorry, Joerg, I don't know anything about EZproxy, but I can try to answer the question about password hashing. From the "Update password encryption to use BCrypt" ticket at https://github.com/IQSS/dataverse/issues/1034 it's my understanding that as of this writing SHA is being used. Here's the commit where I added a "to do" about this: https://github.com/IQSS/dataverse/commit/5f31e3a . This was discussed in a code review: http://bl.ocks.org/pdurbin/raw/df60717dc0b5cfb4742c

Phil

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To post to this group, send email to dataverse...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/99db36b9-97aa-4fc3-8640-f322873e6654%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin

[Joerg Messer]

Thanks Phil.  I'll have a closer look at the docs you reference.  Hopefully a little experimenting will lead to a working SSL + EZproxy config.

On Friday, 23 January 2015 05:56:48 UTC-8, Philip Durbin wrote:

Sorry, Joerg, I don't know anything about EZproxy, but I can try to answer the question about password hashing. From the "Update password encryption to use BCrypt" ticket at https://github.com/IQSS/dataverse/issues/1034 it's my understanding that as of this writing SHA is being used. Here's the commit where I added a "to do" about this: https://github.com/IQSS/dataverse/commit/5f31e3a . This was discussed in a code review: http://bl.ocks.org/pdurbin/raw/df60717dc0b5cfb4742c

Phil

On Fri, Jan 9, 2015 at 2:02 PM, Joerg Messer <joerg....@gmail.com> wrote:

Greetings,

We're currently running DVN without using SSL.  We hope to change this soon and I was wondering if anyone knows of any issues using SSL with EZproxy authentication? Until Shib becomes an option, EZproxy is essential for us. 

On a somewhat related note, could someone tell me how DVN passwords are stored in the database (text, hash, hash+, etc)?  We've had a query from our Privacy Impact Assessment Office. 

//Joerg Messer (UBC Library)

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.

To post to this group, send email to dataverse...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/99db36b9-97aa-4fc3-8640-f322873e6654%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.