Re: Remove PlaintextPasswordHash from API?


Guillermo González de Agüero
 

But even for development, having a standard implementation that takes care of generating hashes for creating new accounts seems enough to me.

+1 for complete removal (even for RI). 

El mié., 26 de julio de 2017 20:51, Arjan Tijms <arjan.tijms@...> escribió:
No strong objections here either. I do absolutely agree that storing passwords in plain text in a production DB does border on criminal neglect.

The only somewhat excuse is that not all usage of Java EE is necessarily production usage.

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.