shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard J. Barbalace (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SHIRO-445) Mechanism needed to secure passwords in shiro.ini
Date Thu, 06 Jun 2013 21:26:21 GMT
Richard J. Barbalace created SHIRO-445:
------------------------------------------

             Summary: Mechanism needed to secure passwords in shiro.ini
                 Key: SHIRO-445
                 URL: https://issues.apache.org/jira/browse/SHIRO-445
             Project: Shiro
          Issue Type: New Feature
          Components: Authentication (log-in), Specification API
    Affects Versions: 1.2.2
         Environment: Any.
            Reporter: Richard J. Barbalace
             Fix For: 1.2.3


There should be a mechanism to secure passwords stored in shiro.ini for accessing databases
or other data sources, as described in this Shiro user forum post:
http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html

A flexible and extensible approach should allow for passwords to be stored in other INI or
properties files, JNDI resources, databases, key stores, key servers, or other data sources.
 Passwords might be encrypted using a master key, which could likewise be stored in various
data sources.

I already have an initial patch prepared that allows for passwords to be stored (plaintext
or encrypted with a master key) in other INI files, similar to a shadow password file.  This
can be further extended to use other data sources as needs arise.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message