|<< Back to previous view|
[GLASSFISH-1577] JDBCRealm should allow for salting hashed passwords Created: 24/Nov/06 Updated: 28/Aug/13
|Fix Version/s:||not determined|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
Operating System: Windows XP
|Participants:||ananner, raharsha, Shing Wai Chan, tmpsa and Tom Mueller|
The JDBCRealm allows for the hashing of passwords, but it does not currently
Weblogic 9.2 uses a hidden salt that is added to hashed passwords. I believe
|Comment by Shing Wai Chan [ 31/May/07 08:48 AM ]|
|Comment by Tom Mueller [ 06/Mar/12 09:58 PM ]|
Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.
|Comment by tmpsa [ 28/Aug/13 12:58 PM ]|
With the steady flow of stories about stolen password files (even at reputable service providers), this issue is becoming increasingly critical.
Salted password hashes has been standard tech for a very long time. Glassfish should provide this trivial functionality out-of-the-box.
Please upgrade the priority and assign a target version for this issue.