Re: LDAP Annotation and Database Hashing Proposal
Rudy De Busscher
Will, See inline comments (hope it is clear enough, I'll put them also in a separate thread)
On 22 July 2017 at 23:17, Arjan Tijms <arjan.tijms@...> wrote:
The parameters are required. if the PasswordHash interface doesn't have methods with the parameters passed along, there is no implemtattion ever that can use them!
I would also consider removing SHA1. Just as MD5, it is no longer considered as really safe.
But it needs to be useable. Otherwise it is better to deliver nothing then something which isn't working properly and useable!
If the perception of Java EE security API is not good during the first months, it will never be used by anyone, even if we come up with a better version later on.
Sorry to be this hard, but that is the thruth.
A small detail anout the code, I would make it more Java 8 alike ( with diamond operator, foreach method, ....)
If you like, I can make a PR for that.