Allow Password's to be stored in database as encoded strings
------------------------------------------------------------
Key: ISIS-219
URL: https://issues.apache.org/jira/browse/ISIS-219
Project: Isis
Issue Type: New Feature
Components: Runtimes: Dflt: Objectstores: SQL
Affects Versions: 0.3.0-incubating
Reporter: Kevin Meyer
Fix For: 0.3.0-incubating
At the moment, the SQL OS does not encode the Isis Password value type password
values when writing to the database.
This enhancement implements a simple encoding / decoding system that allows the
Isis Password value type to be stored in a simply encoded value in the database
table, while remaining in plain text when in memory.
The conversion is done by the database layer when storing (encoding) and
retrieving (decoding) values.
Enable by adding the following to the isis.properties:
isis.persistor.sql.password.seed=<some random text>
isis.persistor.sql.password.length=<length of encoded string>
All strings will be stored in the database field as strings of length
"isis.persistor.sql.password.length", which defaults to 120.
If isis.persistor.sql.password.seed is undefined (null), the default behaviour
(of not encoding the string) will apply.
The "isis.persistor.sql.password.seed" is a custom value that is used to encode
the password.
NOTE: This is not secure nor unbreakable, it just prevents a casual observer of
your database from being able to read your stored passwords.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
