Yes good idea, then a link to the location where things are explained would
fit, right?
Jacques
Le 16/11/2018 à 12:31, Jacopo Cappellato a écrit :
My understanding is that we have one one method already implemented (i.e.
password stored in security.properties) and the other methods proposed will
need some sort of coding; if this is the case then I would not mention them
in the comments because it could be confusing: instead we should highlight
in our docs the files that needs to be protected (e.g. security.properties
and Catalina's ofbiz-component.xml) because they contain secrets.
Jacopo
On Thu, Nov 15, 2018 at 8:11 PM Jacques Le Roux <
[email protected]> wrote:
Hi,
In OFBIZ-9833 we suggested several ways on how to store the JWT secret.
I think that rather to force one of the suggestions OOTB we should rather
propose them as a comment (or a link to a dedicated text file if too long)
with the login.secret_key_string in the security.properties file.
Then users can pick the one they prefer or follow external links provided
to pick one.
If nobody disagree I'll do that soon (say in less than a week)
Jacques
