Re: Remove PlaintextPasswordHash from API?


Will Hopkins
 

Thanks, everyone. I'll go ahead and remove it, then.

On 07/26/2017 02:53 PM, Guillermo González de Agüero wrote:
But even for development, having a standard implementation that takes care of generating hashes for creating new accounts seems enough to me.

+1 for complete removal (even for RI). 

El mié., 26 de julio de 2017 20:51, Arjan Tijms <arjan.tijms@...> escribió:
No strong objections here either. I do absolutely agree that storing passwords in plain text in a production DB does border on criminal neglect.

The only somewhat excuse is that not all usage of Java EE is necessarily production usage.

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.