[security-dev] SHA salted passwords
bruno at abstractj.org
Mon Jan 7 04:49:58 EST 2013
Good morning everyone.
I'm planning to upgrade AeroGear to PicketLink, looking at the examples looks like the passwords will be stored in plain text
I was just wondering if ShaSaltedPasswordHash (https://github.com/picketlink/picketlink/blob/master/idm/impl/src/main/java/org/picketlink/idm/password/internal/SHASaltedPasswordHash.java#L13)
could replace PlainTextPassword in this example, because I don't want to provide examples to our users with passwords stored in plain text.
Is it possible?
"The measure of a man is what he does with power" - Plato
Volenti Nihil Difficile
More information about the security-dev