[
https://issues.apache.org/jira/browse/SHIRO-445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard J. Barbalace updated SHIRO-445:
---------------------------------------
Attachment: mypatch2.txt
Please see the updated mypatch2.txt. This is an improvement over the original
submission.
> Mechanism needed to secure passwords in shiro.ini
> -------------------------------------------------
>
> Key: SHIRO-445
> URL: https://issues.apache.org/jira/browse/SHIRO-445
> Project: Shiro
> Issue Type: New Feature
> Components: Authentication (log-in), Specification API
> Affects Versions: 1.2.2
> Environment: Any.
> Reporter: Richard J. Barbalace
> Fix For: 1.2.3
>
> Attachments: mypatch.txt, mypatch2.txt
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> There should be a mechanism to secure passwords stored in shiro.ini for
> accessing databases or other data sources, as described in this Shiro user
> forum post:
> http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html
> A flexible and extensible approach should allow for passwords to be stored in
> other INI or properties files, JNDI resources, databases, key stores, key
> servers, or other data sources. Passwords might be encrypted using a master
> key, which could likewise be stored in various data sources.
> I already have an initial patch prepared that allows for passwords to be
> stored (plaintext or encrypted with a master key) in other INI files, similar
> to a shadow password file. This can be further extended to use other data
> sources as needs arise.
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
