Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-6494

New implementation of the two-way cryptographic services of OFBiz based on Apache Shiro

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 16.11.01
    • Component/s: framework
    • Labels:
      None

      Description

      New implementation of the two-way cryptographic services of OFBiz based on Apache Shiro:

      • two-way encryption is now delegated to Apache Shiro, with stronger initialization vectors
      • the mechanism is backward compatible
      • new tools to update the encryption of private keys, useful to upgrade older versions of OFBiz and most of all to replace old keys with new ones (this is critical to implement stronger security practices as requested by PCI)
      • unit tests

        Activity

        Hide
        jacopoc Jacopo Cappellato added a comment -

        Implemented in rev. 1684608

        Show
        jacopoc Jacopo Cappellato added a comment - Implemented in rev. 1684608
        Hide
        hansbak Hans Bakker added a comment -

        thank you Jacopo, also for the junit tests....great improvement...

        Show
        hansbak Hans Bakker added a comment - thank you Jacopo, also for the junit tests....great improvement...

          People

          • Assignee:
            jacopoc Jacopo Cappellato
            Reporter:
            jacopoc Jacopo Cappellato
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development