Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-280

Create a PasswordService to automate user password management techniques

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.0
    • Component/s: Cryptography & Hashing
    • Labels:
      None

      Description

      While Shiro's hash support is great for both password hashing and general purpose hashing, when hashing passwords, some common techniques and strategies are often used to ensure a consistently strong password management experience. These techniques are currently implemented by the application developer however, which means that 1) they have to design a secure strategy and 2) implement it themselves using Shiro's Hash mechanisms.

      It'd be much nicer if Shiro provided, say, a PasswordService interface and implementations that implement what the community feels are best practices that can be used out-of-the-box so 1) and 2) don't need to be repeated on a per-app basis.

      This is probably related to SHIRO-213 as well.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lhazlewood Les Hazlewood
                Reporter:
                lhazlewood Les Hazlewood
              • Votes:
                2 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: