To do it that way, you'd need to store the user database in something else other than the .ini file (like LDAP or a database). In my .ini, I have nothing in the users/roles section, and everything is managed in an attached database. Doing that is admittedly a bit more work because then you're using Realms, and Shiro doesn't come with an Identity and Access Mgmt system so you'd have to build it yourself (or use something like Stormpath). Someone could still probably put something in the .ini and have that work (not sure, though), but like Lez said, that's bad for a lot of other reasons and you'd have larger problems.
-- View this message in context: http://shiro-user.582556.n2.nabble.com/Is-password-hashing-enough-tp7577522p7577529.html Sent from the Shiro User mailing list archive at Nabble.com.
