Apache Shiro 1.2.0 enhances its password hashing
Source: H Security - Posted by Anthony Pell   
Security Projects Just over fourteen months since its first release as an Apache top-level project, the Apache Shiro developers have released version 1.2.0, the first major update to the Shiro application security framework. Shiro is designed to enable Java developers to create enterprise applications with features such as authentication, authorisation, enterprise management and cryptography services, without having to use JAAS or EJB security models. One design goal of Shiro was to make the software understandable after a ten minute tutorial.

The 1.2.0 release includes new features such as the ability to selectively disable sessions and a LogoutFilter for applications which need to redirect users after logging them out. A command line program to securely hash passwords and new secure password hash formats are designed to be easier to work with, while working in a similar fashion to Apache HTTPD's passwd program. A new PasswordService module makes secure password hash storage simpler and can be used directly in applications along with a PasswordMatcher module to perform comparisons.

Read this full article at H Security

Only registered users can write comments.
Please login or register.

Powered by AkoComment!