Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-445

Mechanism needed to secure passwords in shiro.ini

    XMLWordPrintableJSON

    Details

      Description

      There should be a mechanism to secure passwords stored in shiro.ini for accessing databases or other data sources, as described in this Shiro user forum post:
      http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html

      A flexible and extensible approach should allow for passwords to be stored in other INI or properties files, JNDI resources, databases, key stores, key servers, or other data sources. Passwords might be encrypted using a master key, which could likewise be stored in various data sources.

      I already have an initial patch prepared that allows for passwords to be stored (plaintext or encrypted with a master key) in other INI files, similar to a shadow password file. This can be further extended to use other data sources as needs arise.

        Attachments

        1. mypatch2.txt
          43 kB
          Richard J. Barbalace
        2. mypatch.txt
          31 kB
          Richard J. Barbalace

          Activity

            People

            • Assignee:
              bdemers Brian Demers
              Reporter:
              richard@localmed.com Richard J. Barbalace
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:

                Time Tracking

                Estimated:
                Original Estimate - 24h
                24h
                Remaining:
                Remaining Estimate - 24h
                24h
                Logged:
                Time Spent - Not Specified
                Not Specified