Uploaded image for project: 'SX Spring Python'
  1. SX Spring Python
  2. SESPRINGPYTHONPY-56

Assess impact of python's deprecation of md5 and sha modules to spring python's security segment

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0.0.GA
    • Component/s: Security
    • Labels:
      None
    • Environment:
      python 2.5+

      Description

      According to http://www.python.org/dev/peps/pep-0004/, md5 and sha modules are deprecated in python 2.5, and require switching over to hashlib. Todd spotted this issue when trying to configure bamboo. I realized that the security module has an encode/decode process to encrypt passwords, so we need to make spring python able to to handle multiple python versions and deal with this deprecation. See http://docs.python.org/lib/module-hashlib.html for information on how to migrate to hashlib.

      You can either do hashlib.md5(), or hashlib.new("md5"), to get an md5 hasher. The first version is cited as faster and preferred, but the second version is more consistent with the old API, and is probably easier to migrate to. PEP-247 documents a standard API for hashing algorithms, and the second version seems to be more in compliance with that.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              gregturn Greg Turnquist
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: