New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Seed the passwords with the user name #251

Closed
sodul opened this Issue Oct 29, 2013 · 1 comment

Comments

Projects
None yet
2 participants
@sodul
Contributor

sodul commented Oct 29, 2013

https://github.com/pongasoft/glu/blob/master/console/org.linkedin.glu.console-webapp/grails-app/domain/org/linkedin/glu/console/domain/DbUserCredentials.groovy#L23

  boolean validatePassword(String password)
  {
    if(!password)
      return false
    if (computeOneWayHash(username+password) == oneWayHashPassword)
      return true
    // for backward compatibility with non seeded passwords.
    computeOneWayHash(password) == oneWayHashPassword
  }

  void setPassword(String password)
  {
    oneWayHashPassword = computeOneWayHash(username+password)
  }

@ghost ghost assigned ypujante Nov 26, 2013

ypujante added a commit that referenced this issue Nov 27, 2013

#251: changed hashing mechanism to use bcrypt
- added a seed + use bcrypt (backward compatible)
@ypujante

This comment has been minimized.

Member

ypujante commented Nov 27, 2013

Implemented in glu 5.4.0

@ypujante ypujante closed this Nov 27, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment