You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Les Hazlewood (Resolved) (JIRA)" <ji...@apache.org> on 2011/12/13 02:39:31 UTC
[jira] [Resolved] (SHIRO-280) Create a PasswordService to automate
user password management techniques
[ https://issues.apache.org/jira/browse/SHIRO-280?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved SHIRO-280.
---------------------------------
Resolution: Fixed
Fix Version/s: 1.2.0
> Create a PasswordService to automate user password management techniques
> ------------------------------------------------------------------------
>
> Key: SHIRO-280
> URL: https://issues.apache.org/jira/browse/SHIRO-280
> Project: Shiro
> Issue Type: New Feature
> Components: Cryptography & Hashing
> Reporter: Les Hazlewood
> Assignee: Les Hazlewood
> Fix For: 1.2.0
>
>
> While Shiro's hash support is great for both password hashing and general purpose hashing, when hashing passwords, some common techniques and strategies are often used to ensure a consistently strong password management experience. These techniques are currently implemented by the application developer however, which means that 1) they have to design a secure strategy and 2) implement it themselves using Shiro's Hash mechanisms.
> It'd be much nicer if Shiro provided, say, a PasswordService interface and implementations that implement what the community feels are best practices that can be used out-of-the-box so 1) and 2) don't need to be repeated on a per-app basis.
> This is probably related to SHIRO-213 as well.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira