[jira] [Commented] (ISIS-219) Allow Password's to be stored in database as encoded strings

Thu, 22 Mar 2012 22:56:50 -0700 

    [ 
https://issues.apache.org/jira/browse/ISIS-219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13236372#comment-13236372
 ] 

Kevin Meyer commented on ISIS-219:
----------------------------------

I still need to update the documents to reflect these updates.
                
> Allow Password's to be stored in database as encoded strings
> ------------------------------------------------------------
>
>                 Key: ISIS-219
>                 URL: https://issues.apache.org/jira/browse/ISIS-219
>             Project: Isis
>          Issue Type: New Feature
>          Components: Runtimes: Dflt: Objectstores: SQL
>    Affects Versions: 0.3.0-incubating
>            Reporter: Kevin Meyer
>             Fix For: 0.3.0-incubating
>
>
> At the moment, the SQL OS does not encode the Isis Password value type 
> password values when writing to the database.
> This enhancement implements a simple encoding / decoding system that allows 
> the Isis Password value type to be stored in a simply encoded value in the 
> database table, while remaining in plain text when in memory.
> The conversion is done by the database layer when storing (encoding) and 
> retrieving (decoding) values.
> Enable by adding the following to the isis.properties:
> isis.persistor.sql.password.seed=<some random text>
> isis.persistor.sql.password.length=<length of encoded string>
> All strings will be stored in the database field as strings of length 
> "isis.persistor.sql.password.length", which defaults to 120.
> If isis.persistor.sql.password.seed is undefined (null), the default 
> behaviour (of not encoding the string) will apply.
> The "isis.persistor.sql.password.seed" is a custom value that is used to 
> encode the password.
> NOTE: This is not secure nor unbreakable, it just prevents a casual observer 
> of your database from being able to read your stored passwords.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to