Active development of JAMWiki has ceased, and bug fixes and support will be limited at best. If you are interested in taking over management of JAMWiki please send an email to the jamwiki-devel mailing list.

Comments:JAMWiki 0.0.8


Archived from the Feedback page:

Just a quick update - the Sourceforge Subversion service has been down all day so no new JAMWiki development has taken place. The updates planned for the next release are available on Roadmap#0.0.8. -- Ryan 18-Jul-2006 23:22 PDT

The Sourceforge Subversion repository is finally available again, so work on JAMWiki 0.0.8 is continuing now. -- Ryan 19-Jul-2006 10:53 PDT

It turns out I used a JDK 1.5 only method in the file persistency code. Since that's a big issue (no one using JDK 1.4 can use file-persistency mode) I'm going to try to get 0.0.8 released tomorrow. The Base64 to SHA-512 password encoding requires that passwords be automatically updated, so I'll have to get the upgrade code working as well before a release can occur. -- Ryan 19-Jul-2006 19:02 PDT

JAMWiki 0.0.8 is now out and available for download from Sourceforge (it's still propagating to mirrors as I write this, but it has been released). The file-persistency bug with JDK 1.4 should be fixed (feedback requested), user passwords are now stored using the SHA-512 algorithm (let me know if anyone has problems with this) and there is an automated upgrade process in place - for 0.0.8 it will automatically convert passwords from Base64 to SHA-512. Please report any issues on the Bug Reports page, and if it works for you (or doesn't work for you) I'd appreciate it if you could add your configuration to the Supported Configurations#Known Working Configurations or Supported Configurations#Non-Working Configurations page. -- Ryan 20-Jul-2006 16:09 PDT
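
The Base64-to-SHA-512 upgrade described above, sketched in Java as an added example (not JAMWiki's actual upgrade code): because Base64 is reversible, each stored value can be decoded once and re-stored as a one-way digest. The class and method names, the hex storage format and the sample accounts are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class PasswordUpgradeExample {

    // One-way SHA-512 digest of the password, hex-encoded (the storage format is an assumption).
    static String sha512Hex(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Base64 is only an encoding: decoding recovers the plaintext, which is then hashed.
    static String upgrade(String base64Password) throws NoSuchAlgorithmException {
        byte[] plain = Base64.getDecoder().decode(base64Password);
        return sha512Hex(new String(plain, StandardCharsets.UTF_8));
    }

    // After the upgrade, a login is checked by hashing the submitted password and comparing digests.
    static boolean matches(String submitted, String storedHash) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(
                sha512Hex(submitted).getBytes(StandardCharsets.US_ASCII),
                storedHash.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample rows: login -> Base64-encoded password, as stored before the upgrade.
        Map<String, String> users = new LinkedHashMap<>();
        users.put("user1", Base64.getEncoder().encodeToString("s3cret-one".getBytes(StandardCharsets.UTF_8)));
        users.put("user2", Base64.getEncoder().encodeToString("correct horse".getBytes(StandardCharsets.UTF_8)));

        // Single pass over all rows; it must run exactly once per installation,
        // because a second pass would hash the digests instead of the passwords.
        for (Map.Entry<String, String> e : users.entrySet()) {
            e.setValue(upgrade(e.getValue()));
        }
        System.out.println("correct password accepted: " + matches("s3cret-one", users.get("user1")));
        System.out.println("wrong password accepted:   " + matches("guess", users.get("user1")));
        System.out.println("stored value length (hex chars): " + users.get("user1").length());
    }
}
```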

Password hashing and Password Reminder

Archived from the Feedback page:

I've posted some details about it here: ForgottenPassword -- AleXis

I took a quick look at your example, although given the copyright and "all rights reserved" notices I didn't look too closely - JAMWiki is LGPL, and I definitely don't want to get in any troubles over copyright violations! Anyhow, as long as SHA-512 is a standard part of the JDK then we can use it - feel free to list it on the Roadmap, and I'll implement it soon unless someone beats me to it. The hardest part will probably be implementing something to convert existing passwords, and that's not too difficult to do.
The password reminder suggestion you made might be a bit more difficult, since it will require getting JAMWiki's email code working again (it's untested and probably broken). Is that functionality something that's a priority for you? If not, can you add it to the Roadmap and I'll get to it eventually? If it is a high priority then are you interested in writing the code for it? All of the current source code is in Subversion on Sourceforge, and if you feel comfortable coding then I can set up a development branch for you. -- Ryan 15-Jul-2006 16:43 PDT

I can rewrite such a method myself, will post new code later. Password reminder is not high priority for me, will add to Roadmap :) One more problem - looks like I can edit AdminOnlyTopics when I am not logged on - can you please test it? -- AleXis

I just tried logging out and editing AdminOnlyTopics and was redirected to the login page, but I'll test more later tonight. Maybe it's an Opera issue? -- Ryan 15-Jul-2006 17:14 PDT

Hmmm, I can reproduce it on my own wiki (and can't here :)... I think you can reproduce it on my wiki too ;) Maybe troubles somewhere in Resin compatibility... -- AleXis

Maybe Resin isn't deleting the "Remember Me" cookie. If you logout, do you still have a cookie in your browser named user-cookie? -- Ryan 15-Jul-2006 21:17 PDT

Maybe, will try to catch the reason for this error later :) -- AleXis


Archived from the Feedback page:

1. After installation I logged in with the admin account and saw the Admin link, but today (after server restart?) I didn't see it :-( I've looked into the db and admin is checked, but I have the message "Only administrators may access this page" when trying Special:Admin. Maybe the checkbox is lost when querying the DB.

That's weird - you're still logged in, right? If you don't check the "Remember Me" checkbox then you'll need to re-login after being inactive for too long. Otherwise it's probably a bug of some sort - I can't reproduce on my machine, so I may need more help in tracking it down. When you edit does your name appear in the edit history? Do you see any links on the top right part of the screen? -- Ryan 14-Jul-2006 10:31 PDT

2. Why are you using 2 tables, jam_wiki_user and jam_wiki_user_info? They can be merged into one table.

They've been split up to eventually allow support for LDAP. All of the fields that would be found in LDAP are in the jam_wiki_user_info table, so if/when LDAP support is added the system can either query that table (if no LDAP) or get the email, password etc from LDAP instead. -- Ryan 14-Jul-2006 10:31 PDT

3. How do you encode the password? ENCODED_PASSWORD looks like Base64. Maybe save the password as a hash? I am using SHA512 for this purpose.

-- AleXis

Yeah, at the moment it's just Base64. Is there a good, free (LGPL or compatible) library out there that implements stronger encoding? Ideally passwords should be stored using a one-way hash algorithm, but then a new way of implementing "remember me" functionality would need to be found since the current code stores the password in Base64 encryption in a cookie (not very secure, but stealing a password from a cookie isn't a very common method of attack). I've never worked for a bank or any company whose policies required anything more than basic encryption, so I don't have a lot of experience with strong encryption - do you know how these issues would commonly be handled? -- Ryan 14-Jul-2006 10:31 PDT