MySQL

You Learn Something New Every Day (plus new Forge stuff)

So, I’ve been doing a bunch of coding on MySQL Forge over the last week, and I’ve added a number of new features to the Forge application. Some of the new features/changes include:

  • Ability to add a project, with categories and tags, in a single step, making it easier than ever to add new projects to the directory
  • A whole new interface for tagging projects and code snippets, including the ability to remove existing tags and a review process which attempts to standardize the tags to remove redundancy. (NOTE: You now must be logged in to add tags to a project.)
  • A new tabbed UI for viewing project and snippet details
  • Ability to copy snippet code source directly in the interface (yes, that’s for you, Roland Bouman! 🙂 )
  • A project membership approval process. This replaces the flawed contributor implementation I devised before, and sends an email notification to administrators when someone requests membership in the project
  • New toolbar dropdowns on mouseover of the main navigation links to make it easy to add new projects and snippets. The toolbar links change depending on whether a user is logged in or not.

Anyway, go check out the Forge and add new projects and code snippets. If everyone just added one project, we’d have a great collection of ecosystem projects to showcase in the Forge. After all, it’s all about promoting and exposing the MySQL ecosystem. Listing a project on the Forge enables the world to find your favorite MySQL-backed projects, which is A Good Thing.

So, What Did I Learn Today

Well, I was working on fixing a bug in the Forge that Martin Brown let us know about, which had to do with the length of passwords. Jim Winstead commented on the bug report that I should not be using the internal MySQL PASSWORD() function for hashing passwords for the Forge user accounts. Seems Jay hadn’t read the manual section which states:

Note: The PASSWORD() function is used by the authentication system in MySQL
Server; you should not use it in your own applications. For that purpose,
consider MD5() or SHA1() instead. Also see RFC 2195 for more information about
handling passwords and authentication securely in your applications.

Man, I’ve been using PASSWORD() for years now! Just goes to show, you learn something new every day… Anyway, now my dilemma is how to fix the problem without destroying the existing password hashes already in the Forge database. Whatever I come up with, I have a bad feeling it’ll be a bit kludgy 🙁
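One common way out of the dilemma above is to leave the old hashes in place and upgrade each account the next time its owner logs in successfully. The sketch below is an added example, not the Forge's actual code. It assumes the stored values are the 41-character format produced by PASSWORD() in MySQL 4.1 and later, uses a dict in place of the user table, and swaps in salted PBKDF2 rather than the MD5()/SHA1() the manual note mentions; all function names are hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune for your hardware


def mysql_password(password: str) -> str:
    """Reproduce MySQL 4.1+ PASSWORD(): '*' + upper-case hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def new_hash(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2$rounds$salt$digest'."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"


def verify_new(password: str, stored: str) -> bool:
    """Recompute the PBKDF2 digest with the stored salt and round count."""
    _, rounds, salt_hex, digest_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(dk.hex(), digest_hex)


def login(users: dict, name: str, password: str) -> bool:
    """Check whichever format is stored; upgrade legacy rows on success."""
    stored = users.get(name)
    if stored is None:
        return False
    if stored.startswith("pbkdf2$"):
        return verify_new(password, stored)
    # Legacy row: 41 characters, leading '*'. The pre-4.1 16-character
    # format is not handled here.
    if len(stored) == 41 and stored.startswith("*"):
        if hmac.compare_digest(mysql_password(password), stored):
            # The plaintext is only available at login, so re-hash now.
            users[name] = new_hash(password)
            return True
    return False
```

Accounts that never log in again keep their legacy hash, so a migration like this usually ends with a forced password reset for whatever rows still start with `*` after a cutoff date.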