Proposal: replacing Atom4J with a Rome based Atom implementation

I made this proposal -- a new Atom server implementation for Roller and Rome -- on the Roller mailing list and nobody objected, but I didn't get a lot of feedback.

Comments:

You seem to have it all thought out. I reviewed things and it looked good. Unfortunately I barely have time to check my email nights right now.

Posted by Lance Lavandowska on November 09, 2004 at 01:24 AM EST #

First, welcome to Rome; we discussed that and I think it is a great idea.

I had no time to dig into that in detail, I'm on vacation these days, but the getPassword() method puzzles me: the implementation should use container managed security and should not have to deal with passwords at all: getPrincipal and isUserInRole should be all you need for security. Once again I did not look at the details but for me this getPassword() method is a red flag.

BTW on the same security note, I looked at Roller tables recently and realized that passwords are stored in the clear. This is not secure at all. I think a hash should be stored instead and the realm would use the hash function to check the password.

Just my 2 quick lazy cents:-)

Posted by patrick chanezon on November 09, 2004 at 08:55 AM EST #

Patrick - the ability to encrypt passwords was added in 1.0. It's on by default for new installations.

Posted by Matt Raible on November 09, 2004 at 03:14 PM EST #

Thanks Matt, good to know. I haven't looked at Roller 1.0 codebase yet. P@

Posted by Patrick Chanezon on November 10, 2004 at 08:29 AM EST #
