[SESPRINGPYTHONPY-56] Assess impact of python's deprecation of md5 and sha modules to spring python's security segment - Spring JIRA

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.0.GA
Component/s: Security
Labels:
None
Environment:
python 2.5+

Description

According to http://www.python.org/dev/peps/pep-0004/, md5 and sha modules are deprecated in python 2.5, and require switching over to hashlib. Todd spotted this issue when trying to configure bamboo. I realized that the security module has an encode/decode process to encrypt passwords, so we need to make spring python able to to handle multiple python versions and deal with this deprecation. See http://docs.python.org/lib/module-hashlib.html for information on how to migrate to hashlib.

You can either do hashlib.md5(), or hashlib.new("md5"), to get an md5 hasher. The first version is cited as faster and preferred, but the second version is more consistent with the old API, and is probably easier to migrate to. PEP-247 documents a standard API for hashing algorithms, and the second version seems to be more in compliance with that.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Greg Turnquist

Archiver:: Trevor Marshall

Dates

Created:: 18/Aug/08 10:54 PM

Updated:: 17/Jun/09 4:20 AM

Resolved:: 17/Jun/09 4:20 AM

Archived:: 03/Oct/22 11:39 PM