BCrypt is regarded as a more secure alternative to hashing using message
digest algorithms, such as MD5 and SHA families [0, 1, 2]. Apart from
built-in salting, it is adaptable to the increasing power of modern
processing units, which makes it more secure against brute-force cracking.
This commit makes all passwords hashed using BCrypt. The session tokens
remain generated using SHA1. Tests were updated, `rake test:units` and
`rake test:functionals` didn't report any regressions.

[0] http://bcrypt.sourceforge.net/
[1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
[2] eab1c72/README.md
There were several places where newer versions of gems were being
pulled. Those newer versions were breaking the functional tests and the
cucumber features.
Go back to known working versions of the gems that were causing failures.
The default version of actionwebservice removes wsdl_service_name. The
dejan/actionwebservice repository from git is a fork of the datanoise
repository that we were using that has the gemspec fixed to not use a
specific version of Rails.
Add the Gemfile and Gemfile.lock files used to specify the dependencies
of the app.
The Gemfile specifies the dependencies and the Gemfile.lock is a
snapshot of the dependencies. If the Gemfile changes, then Bundler will
look at the differences between the Gemfile and the Gemfile.lock to
determine what other gems to install or upgrade.