My understanding is that we have one method already implemented (i.e. password stored in security.properties) and the other methods proposed will need some sort of coding; if this is the case then I would not mention them in the comments because it could be confusing: instead we should highlight in our docs the files that need to be protected (e.g. security.properties and Catalina's ofbiz-component.xml) because they contain secrets.

Jacopo

On Thu, Nov 15, 2018 at 8:11 PM Jacques Le Roux <[email protected]> wrote:

> Hi,
>
> In OFBIZ-9833 we suggested several ways on how to store the JWT secret.
>
> I think that rather than force one of the suggestions OOTB we should rather
> propose them as a comment (or a link to a dedicated text file if too long)
> with the login.secret_key_string in the security.properties file.
>
> Then users can pick the one they prefer or follow external links provided
> to pick one.
>
> If nobody disagrees I'll do that soon (say in less than a week)
>
> Jacques
