You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2012/12/17 00:28:12 UTC

[jira] [Reopened] (ISIS-219) Allow Password's to be stored in database as encoded strings

     [ https://issues.apache.org/jira/browse/ISIS-219?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Haywood reopened ISIS-219:
------------------------------


reopening only to change version number.
                
> Allow Password's to be stored in database as encoded strings
> ------------------------------------------------------------
>
>                 Key: ISIS-219
>                 URL: https://issues.apache.org/jira/browse/ISIS-219
>             Project: Isis
>          Issue Type: New Feature
>          Components: Objectstore: SQL
>    Affects Versions: isis-1.0.0
>            Reporter: Kevin Meyer
>            Assignee: Kevin Meyer
>             Fix For: isis-1.0.0
>
>
> At the moment, the SQL OS does not encode the Isis Password value type password values when writing to the database.
> This enhancement implements a simple encoding / decoding system that allows the Isis Password value type to be stored in a simply encoded value in the database table, while remaining in plain text when in memory.
> The conversion is done by the database layer when storing (encoding) and retrieving (decoding) values.
> Enable by adding the following to the isis.properties:
> isis.persistor.sql.password.seed=<some random text>
> isis.persistor.sql.password.length=<length of encoded string>
> All strings will be stored in the database field as strings of length "isis.persistor.sql.password.length", which defaults to 120.
> If isis.persistor.sql.password.seed is undefined (null), the default behaviour (of not encoding the string) will apply.
> The "isis.persistor.sql.password.seed" is a custom value that is used to encode the password.
> NOTE: This is not secure nor unbreakable, it just prevents a casual observer of your database from being able to read your stored passwords.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira