shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (Assigned) (JIRA)" <>
Subject [jira] [Assigned] (SHIRO-280) Create a PasswordService to automate user password management techniques
Date Mon, 03 Oct 2011 17:57:35 GMT


Les Hazlewood reassigned SHIRO-280:

    Assignee: Les Hazlewood
> Create a PasswordService to automate user password management techniques
> ------------------------------------------------------------------------
>                 Key: SHIRO-280
>                 URL:
>             Project: Shiro
>          Issue Type: New Feature
>          Components: Cryptography & Hashing
>            Reporter: Les Hazlewood
>            Assignee: Les Hazlewood
> While Shiro's hash support is great for both password hashing and general purpose hashing,
when hashing passwords, some common techniques and strategies are often used to ensure a consistently
strong password management experience.  These techniques are currently implemented by the
application developer however, which means that 1) they have to design a secure strategy and
2) implement it themselves using Shiro's Hash mechanisms.
> It'd be much nicer if Shiro provided, say, a PasswordService interface and implementations
that implement what the community feels are best practices that can be used out-of-the-box
so 1) and 2) don't need to be repeated on a per-app basis.
> This is probably related to SHIRO-213 as well.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message