[security-dev] SHA salted passwords

Bruno Oliveira bruno at abstractj.org
Mon Jan 7 04:49:58 EST 2013

Good morning everyone. 

I'm planning to upgrade AeroGear to PicketLink, looking at the examples looks like the passwords will be stored in plain text 

I was just wondering if ShaSaltedPasswordHash (https://github.com/picketlink/picketlink/blob/master/idm/impl/src/main/java/org/picketlink/idm/password/internal/SHASaltedPasswordHash.java#L13) 
could replace PlainTextPassword in this example, because I don't want to provide examples to our users with passwords stored in plain text. 

Is it possible? 

"The measure of a man is what he does with power" - Plato
Volenti Nihil Difficile

More information about the security-dev mailing list