Richard J. Barbalace created SHIRO-445:
------------------------------------------
Summary: Mechanism needed to secure passwords in shiro.ini
Key: SHIRO-445
URL: https://issues.apache.org/jira/browse/SHIRO-445
Project: Shiro
Issue Type: New Feature
Components: Authentication (log-in), Specification API
Affects Versions: 1.2.2
Environment: Any.
Reporter: Richard J. Barbalace
Fix For: 1.2.3
There should be a mechanism to secure passwords stored in shiro.ini for
accessing databases or other data sources, as described in this Shiro user
forum post:
http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html
A flexible and extensible approach should allow for passwords to be stored in
other INI or properties files, JNDI resources, databases, key stores, key
servers, or other data sources. Passwords might be encrypted using a master
key, which could likewise be stored in various data sources.
I already have an initial patch prepared that allows for passwords to be stored
(plaintext or encrypted with a master key) in other INI files, similar to a
shadow password file. This can be further extended to use other data sources
as needs arise.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
