Source changes

POM

In the root pom.xml:

  • change parent/version from 2.1.10 to 2.1.11
  • change properties/syncope.version from 2.1.10 to 2.1.11

SQL

If your deployment uses security questions as part of the password reset flow, the changes introduced by SYNCOPE-1666 require some manual database upgrade steps, as follows.

If you need more control, you can instead use a Bash or Python script that generates the data to write to the database. For example, you can generate SHA-2 strings from a Bash terminal as shown here: https://beamtic.com/terminal-hash-making

PostgreSQL 12+:

https://www.postgresql.org/docs/12/pgcrypto.html#id-1.11.7.34.5

First of all, enable the pgcrypto extension via

psql -U [pg_user] -d [pg_db_name] -c "CREATE EXTENSION pgcrypto;"

then run the following SQL statement:

UPDATE syncopeuser SET securityanswer = encode(digest(securityanswer, 'sha256'), 'hex') where securityanswer is not null;

MySQL 8

https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html

UPDATE syncopeuser SET securityanswer = SHA2(securityanswer, 256) where securityanswer is not null;

Oracle

https://docs.oracle.com/en/database/oracle/oracle-database/12.2/arpls/DBMS_CRYPTO.html

https://docs.oracle.com/database/121/SQLRF/functions183.htm#SQLRF55647

Sample SQL statement:

UPDATE syncopeuser SET securityanswer = rawtohex(standard_hash ( securityanswer, 'SHA256')) where securityanswer is not null;

SQLServer 2017+

https://docs.microsoft.com/it-it/sql/t-sql/functions/hashbytes-transact-sql?view=sql-server-ver15

Sample SQL statement:

UPDATE syncopeuser SET securityanswer = CONVERT(VARCHAR(MAX), HASHBYTES('SHA2_256', securityanswer), 1) where securityanswer is not null;
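
The script-based alternative mentioned above, as an added example (not part of the original page or of Syncope itself). Unlike the plain UPDATE statements, it can be run twice without hashing the digests again. Assumptions: the primary-key column is named id, the database stores text as UTF-8, and an in-memory SQLite table with constructed rows stands in for the real syncopeuser table.

```python
import hashlib
import re
import sqlite3

# Heuristic (assumption): a value of exactly 64 hex characters is treated as
# already hashed, so a second run does not hash the digest again.
SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")


def hash_answer(answer: str) -> str:
    """SHA-256 of the UTF-8 bytes, hex-encoded in lowercase (as PostgreSQL and MySQL emit)."""
    return hashlib.sha256(answer.encode("utf-8")).hexdigest()


def migrate(conn) -> int:
    """Hash every plaintext securityanswer in place; return the number of rows changed."""
    cur = conn.cursor()
    cur.execute("SELECT id, securityanswer FROM syncopeuser WHERE securityanswer IS NOT NULL")
    pending = [(hash_answer(answer), user_id)
               for user_id, answer in cur.fetchall()
               if not SHA256_HEX.fullmatch(answer)]
    # Parameterised statement: answers are user-supplied text and must never be
    # concatenated into SQL. The placeholder style depends on the driver
    # (sqlite3 uses ?, psycopg2 and the MySQL drivers use %s).
    cur.executemany("UPDATE syncopeuser SET securityanswer = ? WHERE id = ?", pending)
    conn.commit()
    return len(pending)


def demo() -> sqlite3.Connection:
    """Constructed sample rows in an in-memory table standing in for syncopeuser."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE syncopeuser (id TEXT PRIMARY KEY, securityanswer TEXT)")
    conn.executemany("INSERT INTO syncopeuser VALUES (?, ?)",
                     [("u1", "Rex"), ("u2", None), ("u3", "O'Brien; --")])
    return conn


if __name__ == "__main__":
    conn = demo()
    print("first run, rows hashed:", migrate(conn))
    print("second run, rows hashed:", migrate(conn))
    for row in conn.execute("SELECT id, securityanswer FROM syncopeuser ORDER BY id"):
        print(row)
```

Take a backup of the table before running any of these updates: the hashing is one-way, so the original answers cannot be restored afterwards.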

