Getting the details right when implementing password storage is critical. Some hash algorithms are vulnerable or just not suited to password hashing. If the salt is too short or predictable, it may be possible to retrieve the password from the hash. Any number of subtle bugs in coding could result in a password database that is vulnerable in one way or another. Fortunately, Spring Security includes password hashing out of the box. What’s more, since version 3.1, Spring Security automatically takes care of salting too.
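As an added illustration (not code from the original post), the sketch below shows what automatic salting looks like in practice. It assumes the encoder in use is Spring Security's `BCryptPasswordEncoder` with the `spring-security-crypto` module on the classpath; the class name `PasswordHashingDemo` and the sample password are constructed for the example.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class PasswordHashingDemo {

    public static void main(String[] args) {
        // 12 is the log2 work factor; the no-arg constructor uses 10.
        PasswordEncoder encoder = new BCryptPasswordEncoder(12);

        // Constructed sample value, not a real credential.
        String rawPassword = "correct horse battery staple";

        // Every encode() call draws a fresh random salt, so hashing the
        // same password twice yields two different stored values.
        String stored1 = encoder.encode(rawPassword);
        String stored2 = encoder.encode(rawPassword);
        System.out.println("stored #1: " + stored1);
        System.out.println("stored #2: " + stored2);
        System.out.println("same value twice? " + stored1.equals(stored2));

        // The salt is not kept in a separate column: it travels inside the
        // stored string as $<version>$<cost>$<22-char salt><31-char hash>.
        String[] parts = stored1.split("\\$");
        System.out.println("version: " + parts[1]);
        System.out.println("cost:    " + parts[2]);
        System.out.println("salt:    " + parts[3].substring(0, 22));

        // matches() re-reads the salt and cost from the stored value, so
        // both stored strings verify against the one password.
        System.out.println("verify #1: " + encoder.matches(rawPassword, stored1));
        System.out.println("verify #2: " + encoder.matches(rawPassword, stored2));
        System.out.println("wrong pw:  " + encoder.matches("guess", stored1));
    }
}
```

Because the salt and cost are embedded in each stored value, raising the work factor later only affects newly encoded passwords; existing hashes still verify with the cost they were created with.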
Don’t Panic!
Stuart 'Stevie' Leitch's blog on Software Development, Java Technologies, Security and Testing
Don't Panic! blog and example code by Stuart 'Stevie' Leitch is licensed under a Creative Commons Attribution 3.0 Unported License.
The views expressed on this blog are my own and do not necessarily reflect the views of my employers, past or present.