Blogging Roller

Dave Johnson on open web technologies, social software and software development

Comments:

You seem to have it all thought out. I reviewed things and it looked good. Unfortunately I barely have time to check my email nights right now.

Posted by Lance Lavandowska on November 09, 2004 at 01:24 AM EST #

First, welcome to Rome, we discussed that and I think it is a great idea.

I had no time to dig into that in detail, I'm on vacation these days, but the getPassword() method puzzles me: the implementation should use container managed security and should not have to deal with passwords at all: getPrincipal and isUserInRole should be all you need for security. Once again I did not look at the details but for me this getPassword() method is a red flag.

BTW on the same security note, I looked at roller tables recently and realized that passwords are stored in the clear. This is not secure at all. I think a hash should be stored instead and the realm would use the hash function to check the password.

Just my 2 quick lazy cents:-)

Posted by patrick chanezon on November 09, 2004 at 08:55 AM EST #

Patrick - the ability to encrypt passwords was added in 1.0. It's on by default for new installations.

Posted by Matt Raible on November 09, 2004 at 03:14 PM EST #

Thanks Matt, good to know. I haven't looked at Roller 1.0 codebase yet. P@

Posted by Patrick Chanezon on November 10, 2004 at 08:29 AM EST #
