SSL, EZproxy and DVN password storage

108 views
Skip to first unread message

Joerg Messer

unread,
Jan 9, 2015, 2:02:15 PM1/9/15
to dataverse...@googlegroups.com
Greetings,

We're currently running DVN without using SSL.  We hope to change this soon and I was wondering if anyone knows of any issues using SSL with EZproxy authentication? Until Shib becomes an option, EZproxy is essential for us. 

On a somewhat related note, could someone tell me how DVN passwords are stored in the database (text, hash, hash+, etc)?  We've had a query from our Privacy Impact Assessment Office. 

//Joerg Messer (UBC Library)

Philip Durbin

unread,
Jan 23, 2015, 8:56:48 AM1/23/15
to dataverse...@googlegroups.com
Sorry, Joerg, I don't know anything about EZproxy, but I can try to answer the question about password hashing. From the "Update password encryption to use BCrypt" ticket at https://github.com/IQSS/dataverse/issues/1034 it's my understanding that as of this writing SHA is being used. Here's the commit where I added a "to do" about this: https://github.com/IQSS/dataverse/commit/5f31e3a . This was discussed in a code review: http://bl.ocks.org/pdurbin/raw/df60717dc0b5cfb4742c

Phil

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To post to this group, send email to dataverse...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/99db36b9-97aa-4fc3-8640-f322873e6654%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--

Joerg Messer

unread,
Jan 29, 2015, 2:22:29 PM1/29/15
to dataverse...@googlegroups.com, philip...@harvard.edu

Thanks Phil.  I'll have a closer look at the docs you reference.  Hopefully a little experimenting will lead to a working SSL + EZproxy config.

On Friday, 23 January 2015 05:56:48 UTC-8, Philip Durbin wrote:
Sorry, Joerg, I don't know anything about EZproxy, but I can try to answer the question about password hashing. From the "Update password encryption to use BCrypt" ticket at https://github.com/IQSS/dataverse/issues/1034 it's my understanding that as of this writing SHA is being used. Here's the commit where I added a "to do" about this: https://github.com/IQSS/dataverse/commit/5f31e3a . This was discussed in a code review: http://bl.ocks.org/pdurbin/raw/df60717dc0b5cfb4742c

Phil
On Fri, Jan 9, 2015 at 2:02 PM, Joerg Messer <joerg....@gmail.com> wrote:
Greetings,

We're currently running DVN without using SSL.  We hope to change this soon and I was wondering if anyone knows of any issues using SSL with EZproxy authentication? Until Shib becomes an option, EZproxy is essential for us. 

On a somewhat related note, could someone tell me how DVN passwords are stored in the database (text, hash, hash+, etc)?  We've had a query from our Privacy Impact Assessment Office. 

//Joerg Messer (UBC Library)

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages