Re: LDAP Annotation and Database Hashing Proposal
Thanks for the feedback, responses inline.
On 07/23/2017 08:05 AM, Rudy De Busscher wrote:
I assume what you mean is that the methods need the parameters passed along if we retain the hashProperties attribute ... correct?
The intent would be to either support properties, or remove the hashProperties attribute on DatabaseIdentityStoreDefinition. My change leaves them on the annotation because I didn't feel like we'd made a final decision yet, and didn't want to have to add all that back if we decided to keep them. If we don't, we would remove the annotation attribute.
Good point, I'll do that. My thought in keeping it (and perhaps MD5, if it worked) was to support passwords hashed with legacy algorithms, but that doesn't make much sense since it's unlikely they'd be encoded the same way in the database, so the default PasswordHashAlgorithm wouldn't work anyway.
I agree that it needs to be usable, but, to me, the properties/no properties question doesn't seem to be a fatal flaw -- properties would be convenient, in some cases, but lack of properties won't prevent a developer (or platform vendor) from implementing any algorithm(s) they need. Do you see it differently?
Sure, if you want, but let's wait until we're fully decided on the approach. Also, did you sign the OCA yet? I don't understand why that's suddenly a requirement, but apparently it is.
--
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803