OFBIZ-9833 and the JWT secret storage


Jacques Le Roux
Administrator
Hi,

In OFBIZ-9833 we suggested several ways to store the JWT secret.

I think that rather than force one of the suggestions OOTB we should propose them as a comment (or a link to a dedicated text file if too long)
with the login.secret_key_string in the security.properties file.

Then users can pick the one they prefer or follow external links provided to pick one.

If nobody disagrees I'll do that soon (say in less than a week)

Jacques


Re: OFBIZ-9833 and the JWT secret storage

Jacopo Cappellato-5
My understanding is that we have one method already implemented (i.e.
password stored in security.properties) and the other methods proposed will
need some sort of coding; if this is the case then I would not mention them
in the comments because it could be confusing: instead we should highlight
in our docs the files that need to be protected (e.g. security.properties
and Catalina's ofbiz-component.xml) because they contain secrets.

Jacopo



On Thu, Nov 15, 2018 at 8:11 PM Jacques Le Roux <
[hidden email]> wrote:

> Hi,
>
> In OFBIZ-9833 we suggested several ways to store the JWT secret.
>
> I think that rather than force one of the suggestions OOTB we should
> propose them as a comment (or a link to a dedicated text file if too long)
> with the login.secret_key_string in the security.properties file.
>
> Then users can pick the one they prefer or follow external links provided
> to pick one.
>
> If nobody disagrees I'll do that soon (say in less than a week)
>
> Jacques
>
>

Re: OFBIZ-9833 and the JWT secret storage

Jacques Le Roux
Administrator
Yes good idea, then a link to the location where things are explained would fit, right?

Jacques


On 16/11/2018 at 12:31, Jacopo Cappellato wrote:

> My understanding is that we have one method already implemented (i.e.
> password stored in security.properties) and the other methods proposed will
> need some sort of coding; if this is the case then I would not mention them
> in the comments because it could be confusing: instead we should highlight
> in our docs the files that need to be protected (e.g. security.properties
> and Catalina's ofbiz-component.xml) because they contain secrets.
>
> Jacopo
>
>
>
> On Thu, Nov 15, 2018 at 8:11 PM Jacques Le Roux <
> [hidden email]> wrote:
>
>> Hi,
>>
>> In OFBIZ-9833 we suggested several ways to store the JWT secret.
>>
>> I think that rather than force one of the suggestions OOTB we should
>> propose them as a comment (or a link to a dedicated text file if too long)
>> with the login.secret_key_string in the security.properties file.
>>
>> Then users can pick the one they prefer or follow external links provided
>> to pick one.
>>
>> If nobody disagrees I'll do that soon (say in less than a week)
>>
>> Jacques
>>
>>