shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Les Hazlewood <lhazlew...@apache.org>
Subject Re: Default Salt Database structure?
Date Thu, 02 Jun 2011 22:56:32 GMT
Hello,

I recently posted a reply to a comment on one of my blog articles that
hopefully will help:

http://www.katasoft.com/blog/2011/04/04/strong-password-hashing-apache-shiro#comment-19

The summary is that it is up to you how you store it - either as a
separate column, prepended to the digest value (ala *nix's crypt
output, as mentioned also by Kalle), or in a separate location
entirely.  It is up to you based on how secure you wish this to be
based on your chosen data storage mechanism.  The
SaltedAuthenticationInfo return value from your Realm abstracts away
the storage details.

HTH,

-- 
Les Hazlewood
Founder, Katasoft, Inc.
Application Security Products & Professional Apache Shiro Support and Training:
http://www.katasoft.com

On Thu, Jun 2, 2011 at 12:23 AM, set321go <swalexx@hotmail.com> wrote:
> Hello,
>
> I have read the documentation but its lacking a bit when it comes to how to
> set up salting. I am just trying to get a basic web app working on glassfish
> using shiro. I have done some of the examples in the links that are on the
> website but I am still unclear on a few things.
>
> By default I need a users table with username and password if I am not using
> salting, is there a default pattern for a database when using salting?
>
> If I am not using the default tables how do I tell shiro what the table and
> structure is?
>
> thanks
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Default-Salt-Database-structure-tp6430158p6430158.html
> Sent from the Shiro User mailing list archive at Nabble.com.

Mime
View raw message