Provide separate _salt versions instead
Androbin committed May 21, 2019
1 parent 889b94b commit a18f0e3
Showing 3 changed files with 11 additions and 6 deletions.
3 changes: 2 additions & 1 deletion apps/vmq_diversity/priv/auth/mysql.lua
Expand Up @@ -35,6 +35,7 @@ require "auth/auth_commons"
-- NOTE THAT `PASSWORD()` NEEDS TO BE SUBSTITUTED ACCORDING TO THE HASHING METHOD
-- CONFIGURED IN `vmq_diversity.mysql.password_hash_method`. CHECK THE MYSQL DOCS TO
-- FIND THE MATCHING ONE AT https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html.
-- SALTED VERSIONS LOOK LIKE THIS: `PASSWORD(CONCAT('pass123', 'salt123'))`
--
--
--[[
Expand All @@ -43,7 +44,7 @@ require "auth/auth_commons"
(mountpoint, client_id, username, password, salt,
publish_acl, subscribe_acl)
VALUES
('', 'test-client', 'test-user', PASSWORD(CONCAT('pass123', 'salt123')), 'salt123',
('', 'test-client', 'test-user', PASSWORD('pass123'), 'salt123',
'[{"pattern":"a/b/c"},{"pattern":"c/b/#"}]',
'[{"pattern":"a/b/c"},{"pattern":"c/b/#"}]');
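Review bot: The salted example added to the comment, `PASSWORD(CONCAT('pass123', 'salt123'))`, corresponds to no configurable method. The schema change in this same commit adds only `sha1_salt` and `sha256_salt`, and the Erlang side maps `password` to the unsalted `PASSWORD(?)` again. A reader who copies that line verbatim stores a hash that none of the six methods will reproduce, which shows up as a login failure with no obvious cause. I would write the example with a real salted method, e.g. `-- SALTED VERSIONS LOOK LIKE THIS: SHA2(CONCAT('pass123', 'salt123'), 256) FOR sha256_salt`, keeping the password-then-salt argument order that the Erlang side uses.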
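--- a/apps/vmq_diversity/priv/vmq_diversity.schema
+++ b/apps/vmq_diversity/priv/vmq_diversity.schema
@@ -240,8 +240,10 @@
 %% sha256: Calculates the SHA-2 hash of the password, using 256 bits.
 %% Works only if MySQL has been configured with SSL support.
 %% Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2
+%%
+%% For enhanced security, please use 'sha1_salt' or 'sha256_salt' respectively.
 {mapping, "vmq_diversity.mysql.password_hash_method", "vmq_diversity.db_config.mysql.password_hash_method",
-[{datatype, {enum, [password, md5, sha1, sha256]}},
+[{datatype, {enum, [password, md5, sha1, sha256, sha1_salt, sha256_salt]}},
 {default, password}
 ]}.
 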
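Review bot: The new `sha1_salt` and `sha256_salt` values are added to the enum without an entry in the per-method description list that this comment block keeps for the other methods (that list begins above the hunk). I would add `%% sha1_salt / sha256_salt: like sha1 / sha256, but computed over CONCAT(password, salt) with the per-row salt column.` and note that stored hashes have to be regenerated when the method is changed. "For enhanced security" should also be qualified: the salt defeats precomputed tables, but both variants are still a single round of a fast hash and do not slow offline guessing of a leaked table. Separately, the unchanged `{default, password}` selects MySQL's `PASSWORD()`, which was removed in MySQL 8.0.11 although the Docs link targets the 8.0 manual, so the default deserves a second look.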
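--- a/apps/vmq_diversity/src/vmq_diversity_mysql.erl
+++ b/apps/vmq_diversity/src/vmq_diversity_mysql.erl
@@ -121,9 +121,11 @@ hash_method(_, St) ->
 DefaultConf = proplists:get_value(mysql, DBConfigs),
 HashMethod = proplists:get_value(password_hash_method, DefaultConf),
 MysqlFunc = case HashMethod of
-password -> <<"PASSWORD(CONCAT(?, salt))">>;
-md5 -> <<"MD5(CONCAT(?, salt))">>;
-sha1 -> <<"SHA1(CONCAT(?, salt))">>;
-sha256 -> <<"SHA2(CONCAT(?, salt), 256)">>
+password -> <<"PASSWORD(?)">>;
+md5 -> <<"MD5(?)">>;
+sha1 -> <<"SHA1(?)">>;
+sha256 -> <<"SHA2(?, 256)">>;
+sha1_salt -> <<"SHA1(CONCAT(?, salt))">>;
+sha256_salt -> <<"SHA2(CONCAT(?, salt), 256)">>
 end,
 {[MysqlFunc], St}.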
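Review bot: The `sha1_salt` and `sha256_salt` arms depend on every row having a non-NULL `salt`, and nothing in this hunk says so. MySQL's `CONCAT()` returns NULL when any argument is NULL, so `SHA1(CONCAT(?, salt))` yields NULL for such a row and the password comparison presumably never matches. That fails closed, but it surfaces as an unexplained login failure after switching methods. A comment above the `case` such as `%% *_salt methods require a NOT NULL salt column; CONCAT(?, NULL) is NULL and the row can never authenticate` would document it. The `case` also has no clause for a value outside the six atoms, so it relies on the schema enum staying in sync with this list; the start of `hash_method/2` is outside the hunk, so how `DBConfigs` is obtained is not visible.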
