Results 1 to 2 of 2

Thread: Authentication with hashed password

  1. #1
    New Member
    Join Date
    Mar 2014
    Posts
    24

    Authentication with hashed password

    Hello,

    I'm using voltdb with a java application. I have modified the deployment.xml file, to use security and roles:

    ...
    <security enabled="true"/>
    <users>
    <user name="sandra"
    password="sandra"
    roles="read_role" />
    <user name="nicole"
    password="nicole"
    roles="write_role" />
    <user name="sys-admin"
    password="sys-admin"
    roles="administrator" />

    </users>
    ...

    In the java application I modified the code, to use username/password:
    ...
    org.voltdb.client.Client client = null;

    ClientConfig config = null;
    config = new ClientConfig("sys-admin","sys-admin");
    ...

    Two questions arises:
    1) Why are the passwords stored in clear text on the server? Is there any possibility to hash the password?
    2) In the wireshark trace I cannot read the password - so there must be a form of hashing ... do you send username / hashed password to the server? In the trace I cannot identify a hash:

    ...;......database... sys-admin.(...J}{.T....{.V.........aA...!...=......... ........Pry.t........5.6_voltdb-5.6-0-g3743684-local...&....
    @Subscribe.......... ....TOPOLOGY...(.....@Statistics.......... ....TOPO........,.....@SystemCatalog.......... ...
    PROCEDURES........ DeleteAll...................................L..... ................6...... . ...
    PROCEDURE_CAT....PROCEDURE_SCHEM....PROCEDURE_NAME ... RESERVED1... RESERVED2... RESERVED3....REMARKS....PROCEDURE_TYPE...
    SPECIFIC_NAME...-................CUSTOMER.delete...............[{"partitionParameter":0,"partitionParameterType":5 ,"readOnly":false,"singlePartition":true}......CUS TOMER.delete................CUSTOMER.insert....... ........[{"partitionParameter":2,"partitionParameterType "
    ...

    Best regards,
    Sabrina

  2. #2
    Senior Member
    Join Date
    Apr 2014
    Posts
    152
    Sabrina,
    Here's a summary of the answers from Slack.
    VoltDB uses SHA256 as of V5.3 and there's no encryption between VoltDB servers. To hash a password, please try 'voltdb mask'.
    Peter Zhao

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •