Usually when we send username and password from a webpage, it goes in plain-text. To secure the transportation of password, we can implement JavaScript salted MD5 hashing which is also suggested by OWASP. How to handle this in a Apache Shrio implementation? In Apache Shrio, the login module only accepts plain-text password. I am using SSL.
-- View this message in context: http://shiro-user.582556.n2.nabble.com/Transporting-user-password-from-Browser-to-Web-Server-in-a-Apache-Shrio-Implementation-tp7580531.html Sent from the Shiro User mailing list archive at Nabble.com.
