[jetty-users] Why org.eclipse.jetty.util.security.Password.java main function takes username, but uses it as salt?

From my code reading I see that
org.eclipse.jetty.util.security.Password takes in 2 arguments, username
(optional) and password. However, if I trace through the code, the
username eventually becomes the salt (by taking the first 2 characters)
for hashing the password.

So I am wondering why does org.eclipse.jetty.util.security.Password
document the first optional argument as "username"; why not just
document it as "salt"? Should we pass in username or can we pass in
some random string?

I asked the same question on Github:
https://github.com/eclipse/jetty.project/issues/1762 but I thought
asking this kind of question on the mailing list is probably more
appropriate.

Thanks,
Alvin
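
The behaviour asked about above, as an added example that is not part of the original message or of Jetty's own code: it shows that only the first two characters of the user argument reach the hash, so usernames sharing a prefix share a salt. It assumes Jetty 9.x jetty-util on the classpath; the class name CryptSaltDemo, the usernames and the password are constructed for illustration.

```java
// Added example. Assumes Jetty 9.x jetty-util on the classpath.
import org.eclipse.jetty.util.security.Credential;
import org.eclipse.jetty.util.security.UnixCrypt;

public class CryptSaltDemo {
    public static void main(String[] args) {
        String password = "s3cret";                // constructed sample value
        String[] users = {"alvin", "alice", "bob"}; // constructed; two share "al"

        String previous = null;
        for (String user : users) {
            // Same call that produces the CRYPT: line when Password's main
            // is given a user argument (assumption based on Jetty 9.x source).
            String stored = Credential.Crypt.crypt(user, password);
            String hash = stored.substring("CRYPT:".length());

            // Passing only the two-character prefix gives the identical hash,
            // so the rest of the username contributes nothing.
            String viaPrefix = UnixCrypt.crypt(password, user.substring(0, 2));

            System.out.printf("%-6s %s%n", user, stored);
            System.out.println("  salt visible in hash : " + hash.substring(0, 2));
            System.out.println("  equals prefix-only   : " + hash.equals(viaPrefix));
            if (previous != null) {
                // "alvin" and "alice" collide; "bob" does not.
                System.out.println("  same as previous user: " + stored.equals(previous));
            }
            previous = stored;

            // The stored form still verifies through the normal Credential API.
            System.out.println("  verifies             : "
                    + Credential.getCredential(stored).check(password));
        }

        // A random two-character string works equally well as the first
        // argument, because verification reads the salt back from the hash.
        String randomSalted = Credential.Crypt.crypt("Zq", password);
        System.out.println("random salt verifies   : "
                + Credential.getCredential(randomSalted).check(password));
    }
}
```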

