Re: Remove PlaintextPasswordHash from API?


Arjan Tijms
 

No strong objections here either. I do absolutely agree that storing passwords in plain text in a production DB does border on criminal neglect.

The only somewhat excuse is that not all usage of Java EE is necessarily production usage.

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.