[SHIRO-445] Mechanism needed to secure passwords in shiro.ini - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.2.2
Fix Version/s: None
Component/s: Authentication (log-in), Specification API
Labels:
- patch
Environment:
Any.

Description

There should be a mechanism to secure passwords stored in shiro.ini for accessing databases or other data sources, as described in this Shiro user forum post:
http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html

A flexible and extensible approach should allow for passwords to be stored in other INI or properties files, JNDI resources, databases, key stores, key servers, or other data sources. Passwords might be encrypted using a master key, which could likewise be stored in various data sources.

I already have an initial patch prepared that allows for passwords to be stored (plaintext or encrypted with a master key) in other INI files, similar to a shadow password file. This can be further extended to use other data sources as needs arise.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

mypatch2.txt
13/Dec/13 22:02
43 kB
Richard J. Barbalace
mypatch.txt
06/Jun/13 21:33
31 kB
Richard J. Barbalace

Activity

People

Assignee:: Brian Demers

Reporter:: Richard J. Barbalace

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 06/Jun/13 21:25

Updated:: 09/Mar/21 07:22

Time Tracking

Estimated:

24h

Remaining:

24h

Logged:

Not Specified