Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-6494

New implementation of the two-way cryptographic services of OFBiz based on Apache Shiro

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 16.11.01
    • Component/s: framework
    • Labels:
      None

      Description

      New implementation of the two-way cryptographic services of OFBiz based on Apache Shiro:

      • two-way encryption is now delegated to Apache Shiro, with stronger initialization vectors
      • the mechanism is backward compatible
      • new tools to update the encryption of private keys, useful to upgrade older versions of OFBiz and most of all to replace old keys with new ones (this is critical to implement stronger security practices as requested by PCI)
      • unit tests

        Attachments

          Activity

            People

            • Assignee:
              jacopoc Jacopo Cappellato
              Reporter:
              jacopoc Jacopo Cappellato
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: