[
https://issues.apache.org/jira/browse/SHIRO-445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17297887#comment-17297887
]
Benjamin Marwell commented on SHIRO-445:
----------------------------------------
Hi [~suchitgupta],
while this is not yet possible, you could use a managed DataSource from a
container (i.e. application server).
> Mechanism needed to secure passwords in shiro.ini
> -------------------------------------------------
>
> Key: SHIRO-445
> URL: https://issues.apache.org/jira/browse/SHIRO-445
> Project: Shiro
> Issue Type: New Feature
> Components: Authentication (log-in), Specification API
> Affects Versions: 1.2.2
> Environment: Any.
> Reporter: Richard J. Barbalace
> Assignee: Brian Demers
> Priority: Major
> Labels: patch
> Attachments: mypatch.txt, mypatch2.txt
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> There should be a mechanism to secure passwords stored in shiro.ini for
> accessing databases or other data sources, as described in this Shiro user
> forum post:
> http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html
> A flexible and extensible approach should allow for passwords to be stored in
> other INI or properties files, JNDI resources, databases, key stores, key
> servers, or other data sources. Passwords might be encrypted using a master
> key, which could likewise be stored in various data sources.
> I already have an initial patch prepared that allows for passwords to be
> stored (plaintext or encrypted with a master key) in other INI files, similar
> to a shadow password file. This can be further extended to use other data
> sources as needs arise.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
