<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:20:27 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2411] Use SCRAM-SHA-256 for passwords on PostgreSQL server, drop MD5</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2411</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;MD5 is the only password storage hashing algorithm that is supported by PG 9.x. And it&apos;s legacy, i.e. broken beyond repair and hope. PG 10 introduced SCRAM-SHA-256. Not only is SHA-256 a stronger and - for the foreseeable future - secure hashing algorithm, it also is salted and bundled with salted challenge-response authentication, which doesn&apos;t expose passwords to sniffing parties on the network. Even if database breaches are something that seems like a worst-case scenario, exposing passwords due to weak hashes during a breach will put a lot of users under fire, since we all know a lot of people recycle their passwords. SCRAM-SHA-256 won&apos;t be breakable for quite some time (as of current knowledge), and the salting counters rainbow table attacks too.&lt;br/&gt;
There also is the problem that MD5 hashed passwords are incompatible with SCRAM-SHA-256 authentication, so upgrading and using the better algorithm is only possible by resetting all passwords, which is a nightmare in its own right.&lt;/p&gt;

&lt;p&gt;This requires&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;vertx-pg-client version &amp;gt; 4.0.0-milestone4: &lt;a href=&quot;https://github.com/eclipse-vertx/vertx-sql-client/commit/d96e53f80c0066b377c43efbd1c6466bb0d06e51&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/eclipse-vertx/vertx-sql-client/commit/d96e53f80c0066b377c43efbd1c6466bb0d06e51&lt;/a&gt; or&lt;/li&gt;
	&lt;li&gt;vertx-pg-client version &amp;gt; 3.8.5: &lt;a href=&quot;https://github.com/eclipse-vertx/vertx-sql-client/commit/f806158a9ff8c2561433855a4bf9f2c6472e3ba0&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/eclipse-vertx/vertx-sql-client/commit/f806158a9ff8c2561433855a4bf9f2c6472e3ba0&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;The old deprecated client &lt;a href=&quot;https://github.com/vert-x3/vertx-mysql-postgresql-client&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/vert-x3/vertx-mysql-postgresql-client&lt;/a&gt; / &lt;a href=&quot;https://github.com/vert-x3/vertx-sql-common&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/vert-x3/vertx-sql-common&lt;/a&gt; only supports MD5, it doesn&apos;t support SCRAM.&lt;/p&gt;

&lt;p&gt;If all subtasks are finished, add a note on how to configure PostgreSQL for SCRAM-SHA-256 to all installation documentation documents.&lt;/p&gt;</description>
                <environment></environment>
        <key id="79828">FOLIO-2411</key>
            <summary>Use SCRAM-SHA-256 for passwords on PostgreSQL server, drop MD5</summary>
                <type id="10006" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10307?size=medium">Umbrella</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="10003" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/generic.png" description="The issue cannot be worked on because it is blocked by other issues. (Migrated on 4 Feb 2024 13:41 UTC)">Blocked</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5">Johannes Drexl</reporter>
                                    <labels>
                            <label>platform-backlog</label>
                            <label>postgres</label>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Fri, 20 Dec 2019 15:08:22 +0000</created>
                <updated>Thu, 5 May 2022 11:25:52 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>4</watches>
                                                                <comments>
                                                            <comment id="190249" author="712020:3ea0f137-0f2e-4b09-91f9-bb66fa7c98e5" created="Fri, 20 Dec 2019 15:17:34 +0000"  >&lt;p&gt;This is a branch of &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2406&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/FOLIO-2406&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="190256" author="5cf6c546b87c300f36eb7b9a" created="Thu, 14 Oct 2021 15:14:42 +0000"  >&lt;p&gt;We may need another related ticket for folio-spring-base...&lt;/p&gt;</comment>
                                                            <comment id="190259" author="5cf6c546b87c300f36eb7b9a" created="Thu, 14 Oct 2021 15:15:33 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; class=&quot;user-hover&quot; rel=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; data-account-id=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; accountid=&quot;557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d&quot; rel=&quot;noreferrer&quot;&gt;Jakub Skoczen&lt;/a&gt;&#160;to follow up with CP team and on the spring way question above.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                                                <inwardlinks description="is blocked by">
                                        <issuelink>
            <issuekey id="79636">FOLIO-2416</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="80856">FOLIO-1438</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="54058">OKAPI-793</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="57237">RMB-548</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="39142">VERTXLIB-18</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10002">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="81540">FOLIO-2406</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="82226">FOLIO-3391</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="44765">UIU-514</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i00jjb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                    <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 14 Oct 2021 15:14:42 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>