[JAMES-1532] JPAUser database field too short for SHA-512 password hashes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0-beta4
Fix Version/s: None
Component/s: UsersStore & UsersRepository
Labels:
- password

Description

The configuration supports setting the hash algorithm for user passwords to SHA-512. However SHA-512 hashes cannot be stored in the JPA user repository, because the field is too short.
http://svn.apache.org/repos/asf/james/server/trunk/data/data-jpa/src/main/java/org/apache/james/user/jpa/model/JPAUser.java sets the field length to 100:
/** Hashed password */
@Basic
@Column(name = "PASSWORD", nullable = false, length = 100)
private String password;

The password hashes are hex encoded before they are stored to the database, so SHA-512 hashes take up (512/8)*2 = 128 characters.

Attachments

Activity

People

Assignee:: Eric Charles

Reporter:: Sebastian Tacke

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Dec/13 13:37

Updated:: 02/Jan/14 15:01

Resolved:: 02/Jan/14 15:01