Shiro
  1. Shiro
  2. SHIRO-280

Create a PasswordService to automate user password management techniques

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.0
    • Component/s: Cryptography & Hashing
    • Labels:
      None

      Description

      While Shiro's hash support is great for both password hashing and general purpose hashing, when hashing passwords, some common techniques and strategies are often used to ensure a consistently strong password management experience. These techniques are currently implemented by the application developer however, which means that 1) they have to design a secure strategy and 2) implement it themselves using Shiro's Hash mechanisms.

      It'd be much nicer if Shiro provided, say, a PasswordService interface and implementations that implement what the community feels are best practices that can be used out-of-the-box so 1) and 2) don't need to be repeated on a per-app basis.

      This is probably related to SHIRO-213 as well.

        Issue Links

          Activity

          Hide
          Les Hazlewood added a comment -

          Closing with the 1.2.0 release.

          Show
          Les Hazlewood added a comment - Closing with the 1.2.0 release.

            People

            • Assignee:
              Les Hazlewood
              Reporter:
              Les Hazlewood
            • Votes:
              2 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development