[ https://issues.apache.org/jira/browse/SHIRO-445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kalle Korhonen updated SHIRO-445: --------------------------------- Fix Version/s: (was: 1.2.4) 1.2.5 > Mechanism needed to secure passwords in shiro.ini > ------------------------------------------------- > > Key: SHIRO-445 > URL: https://issues.apache.org/jira/browse/SHIRO-445 > Project: Shiro > Issue Type: New Feature > Components: Authentication (log-in), Specification API > Affects Versions: 1.2.2 > Environment: Any. > Reporter: Richard J. Barbalace > Fix For: 1.2.5 > > Attachments: mypatch.txt, mypatch2.txt > > Original Estimate: 24h > Remaining Estimate: 24h > > There should be a mechanism to secure passwords stored in shiro.ini for > accessing databases or other data sources, as described in this Shiro user > forum post: > http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html > A flexible and extensible approach should allow for passwords to be stored in > other INI or properties files, JNDI resources, databases, key stores, key > servers, or other data sources. Passwords might be encrypted using a master > key, which could likewise be stored in various data sources. > I already have an initial patch prepared that allows for passwords to be > stored (plaintext or encrypted with a master key) in other INI files, similar > to a shadow password file. This can be further extended to use other data > sources as needs arise. -- This message was sent by Atlassian JIRA (v6.3.4#6332)