
Storing User Passwords Securely (A.E) planned?

Question asked by udoderk on Mar 20, 2013
Latest reply on Mar 21, 2013 by udoderk
Hi Activiti Core Team,

I have now found that the user passwords are stored as plain text. Storing them this way is not a good solution (just as storing a "one-way hash", "salting" the password before hashing, or PER_USER_SALT + password are bad solutions).
Are you planning to store the user passwords securely using jBCrypt, scrypt, Shiro or other security solutions?

If we want to implement a more secure solution, such as using jBCrypt for Activiti Explorer, what steps are needed?
I currently know step number zero ;) : add a library like jBCrypt to the Java class path.
I suppose that I need to implement my own identity service (as in the following descriptions (1, 2)).


Thanks
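
One way to move from plain-text storage to bcrypt with jBCrypt, as an added example that is not part of the original post and is not Activiti code. The class `PasswordUpgradeExample`, its in-memory `store` map, the user id and the work factor of 12 are assumptions for illustration; wiring this into an Activiti identity service is not shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import org.mindrot.jbcrypt.BCrypt; // jBCrypt must be on the class path

public class PasswordUpgradeExample {
    private static final int COST = 12; // bcrypt work factor (assumed value; tune to your hardware)

    // Hypothetical stand-in for the user table: user id -> stored password value.
    private final Map<String, String> store = new HashMap<>();

    // jBCrypt hashes are 60 characters and start with "$2a$";
    // any other stored value is treated as a legacy plain-text password.
    static boolean isBcrypt(String stored) {
        return stored != null && stored.length() == 60 && stored.startsWith("$2a$");
    }

    // New and changed passwords are only ever stored as bcrypt hashes (salt is embedded in the hash).
    void setPassword(String userId, String password) {
        store.put(userId, BCrypt.hashpw(password, BCrypt.gensalt(COST)));
    }

    // Verifies a login attempt. A legacy plain-text row that matches is
    // re-stored as a bcrypt hash, so plain text disappears as users log in.
    boolean checkPassword(String userId, String candidate) {
        String stored = store.get(userId);
        if (stored == null) return false;
        if (isBcrypt(stored)) return BCrypt.checkpw(candidate, stored);
        // Legacy row: constant-time comparison of the raw bytes.
        boolean ok = MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                candidate.getBytes(StandardCharsets.UTF_8));
        if (ok) setPassword(userId, candidate); // upgrade on first successful login
        return ok;
    }

    public static void main(String[] args) {
        PasswordUpgradeExample users = new PasswordUpgradeExample();
        users.store.put("alice", "constructed-sample-pw"); // constructed legacy plain-text row
        System.out.println("wrong password accepted:   " + users.checkPassword("alice", "wrong"));
        System.out.println("legacy password accepted:  " + users.checkPassword("alice", "constructed-sample-pw"));
        System.out.println("row is now a bcrypt hash:  " + isBcrypt(users.store.get("alice")));
        System.out.println("bcrypt password accepted:  " + users.checkPassword("alice", "constructed-sample-pw"));
    }
}
```

Rows belonging to users who never log in stay in plain text under this scheme, so a one-off batch job that hashes every remaining legacy row is the usual companion step.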
