Hello,

I recently posted a reply to a comment on one of my blog articles that hopefully will help:

http://www.katasoft.com/blog/2011/04/04/strong-password-hashing-apache-shiro#comment-19

The summary is that it is up to you how you store it - either as a separate column, prepended to the digest value (à la *nix's crypt output, as mentioned also by Kalle), or in a separate location entirely. It is up to you based on how secure you wish this to be based on your chosen data storage mechanism.

The SaltedAuthenticationInfo return value from your Realm abstracts away the storage details.

HTH,

--
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

On Thu, Jun 2, 2011 at 12:23 AM, set321go <[email protected]> wrote:
> Hello,
>
> I have read the documentation but it's lacking a bit when it comes to how to
> set up salting. I am just trying to get a basic web app working on glassfish
> using shiro. I have done some of the examples in the links that are on the
> website but I am still unclear on a few things.
>
> By default I need a users table with username and password if I am not using
> salting, is there a default pattern for a database when using salting?
>
> If I am not using the default tables how do I tell shiro what the table and
> structure is?
>
> thanks
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Default-Salt-Database-structure-tp6430158p6430158.html
> Sent from the Shiro User mailing list archive at Nabble.com.
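
The "separate column" option from the reply above, as an added example that is not part of the original thread and is not Shiro project code: a Realm that returns a SaltedAuthenticationInfo carrying the stored hash and the per-user salt. The class name, the in-memory map standing in for a users table, the column names in the comment and the iteration count are all assumptions made for illustration.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;
import java.util.HashMap;
import java.util.Map;
/** Added example (hypothetical class): the salt lives in its own "column". */
public class SaltedColumnRealm extends AuthenticatingRealm {
    static final int ITERATIONS = 1024; // assumed work factor, not a Shiro default

    // Constructed stand-in for a users table: username -> {password_hash_hex, salt_hex}
    private final Map<String, String[]> users = new HashMap<>();

    public SaltedColumnRealm() {
        HashedCredentialsMatcher m = new HashedCredentialsMatcher(Sha256Hash.ALGORITHM_NAME);
        m.setHashIterations(ITERATIONS);        // must match what addUser() used
        m.setStoredCredentialsHexEncoded(true); // the stored hash is a hex string
        setCredentialsMatcher(m);
    }

    /** Registration side: fresh random salt per user, hash and salt stored separately. */
    public void addUser(String username, String plaintextPassword) {
        ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
        String hash = new Sha256Hash(plaintextPassword, salt, ITERATIONS).toHex();
        users.put(username, new String[] { hash, salt.toHex() });
    }

    /** Login side: return the stored hash plus salt; the matcher does the comparison. */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        String username = ((UsernamePasswordToken) token).getUsername();
        // With a real database (assumed column names): SELECT password_hash, salt FROM users ...
        String[] row = users.get(username);
        if (row == null) return null; // unknown account
        ByteSource salt = ByteSource.Util.bytes(Hex.decode(row[1]));
        // SimpleAuthenticationInfo implements SaltedAuthenticationInfo
        return new SimpleAuthenticationInfo(username, row[0], salt, getName());
    }

    public static void main(String[] args) {
        SaltedColumnRealm realm = new SaltedColumnRealm();
        realm.addUser("alice", "correct horse");
        // Succeeds; a wrong password would throw IncorrectCredentialsException.
        realm.getAuthenticationInfo(new UsernamePasswordToken("alice", "correct horse"));
        System.out.println("login ok");
    }
}
```

If the salt were instead prepended to the digest value, only the parsing of the stored row in `doGetAuthenticationInfo` would change; the returned SaltedAuthenticationInfo would look the same to the credentials matcher.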
