[security-dev] SHA salted passwords
Bruno Oliveira
bruno at abstractj.org
Mon Jan 7 04:49:58 EST 2013
Good morning everyone.
I'm planning to upgrade AeroGear to PicketLink, looking at the examples looks like the passwords will be stored in plain text
(https://github.com/picketlink/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/security/register/RegistrationEndpoint.java#L85).
I was just wondering if ShaSaltedPasswordHash (https://github.com/picketlink/picketlink/blob/master/idm/impl/src/main/java/org/picketlink/idm/password/internal/SHASaltedPasswordHash.java#L13)
could replace PlainTextPassword in this example, because I don't want to provide examples to our users with passwords stored in plain text.
Is it possible?
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
More information about the security-dev
mailing list