bdemers commented on issue #1022: URL: https://github.com/apache/shiro/issues/1022#issuecomment-1766834326
Depending on the size of (and how much friction it would cause) your user base. You could reset passwords. A more complex option would be to check if a user's password has was stored in an older format, if so validate the hash. If it matches re-hash the password with a different algorithm and store it. Shiro doesn't provide password write APIs so you would need to write custom code for this. > **NOTE:** Someone could create a generic password service that would do most of the work `UpgradableHashPasswordService`, and then delegate the writes to an interface (that would be implemented by developers using Shiro) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
