On 09/24/2014 12:27 PM, Mark Thomas wrote:
On 24/09/2014 16:59, Christopher Schultz wrote:
Mark,
On 9/24/14 5:00 AM, Mark Thomas wrote:
On 23/09/2014 10:49, Mark Thomas wrote:
On 23/09/2014 00:56, "Gabriel E. Sánchez Martínez" wrote:
On 09/17/2014 04:36 AM, Mark Thomas wrote:
On 16/09/2014 22:14, Christopher Schultz wrote:
Mark,
On 9/16/14 3:39 PM, Mark Thomas wrote:
Updated patch:
http://people.apache.org/~markt/patches/2014-09-16-bug56403-tc8-v2.patch
I like it. There is a typo on line 1589 of the patch (passwwords).
It's looking good!
I have an updated version I need to upload that addresses the remaining
issues.
Version 3:
http://people.apache.org/~markt/patches/2014-09-24-bug56403-tc8-v3.patch
Looks good.
I'm just curious: why did you call the class that does PBKDF2
PBECredentialFilter? Does that stand for "Password-based
encryption/encoding"?
It does.
PBE is often used for "password-based encryption" but here we aren't
actually doing any encryption; we're just doing the password part.
Naming this class is tough because technically it can use any algorithm
that works with Java's SecretKey API.
SecretKeyCredentialHandler?
Also, why does ConcurrentMessageDigest.digest have a varargs byte[]
parameter? Is it useful to be able to accept more than one byte array to
that method?
Yes. You want to be able to pass either just the password or the salt
and the password.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
