shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From drmike01 <>
Subject Re: Is password hashing enough?
Date Wed, 20 Jun 2012 20:30:23 GMT
To do it that way, you'd need to store the user database in something else
other than the .ini file (like LDAP or a database). In my .ini, I have
nothing in the users/roles section, and everything is managed in an attached
database. Doing that is admittedly a bit more work because then you're using
Realms, and Shiro doesn't come with an Identity and Access Mgmt system so
you'd have to build it yourself (or use something like Stormpath). Someone
could still probably put something in the .ini and have that work (not sure,
though), but like Lez said, that's bad for a lot of other reasons and you'd
have larger problems.

View this message in context:
Sent from the Shiro User mailing list archive at

View raw message