Re: Remove PlaintextPasswordHash from API?

Home Messages Hashtags

Will Hopkins #546 Thanks, everyone. I'll go ahead and remove it, then. On 07/26/2017 02:53 PM, Guillermo González de Agüero wrote: But even for development, having a standard implementation that takes care of generating hashes for creating new accounts seems enough to me. +1 for complete removal (even for RI). El mié., 26 de julio de 2017 20:51, Arjan Tijms <arjan.tijms@...> escribió: No strong objections here either. I do absolutely agree that storing passwords in plain text in a production DB does border on criminal neglect. The only somewhat excuse is that not all usage of Java EE is necessarily production usage. -- Will Hopkins \| WebLogic Security Architect \| +1.781.442.0310 Oracle Application Development 35 Network Drive, Burlington, MA 01803
More All Messages By This Member

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.