Author: jleroux
Date: Sun Sep 8 08:17:54 2019
New Revision: 1866596
URL: http://svn.apache.org/viewvc?rev=1866596&view=rev
Log:
Improved: Document how to store the JWT secret key
(OFBIZ-10751)
Adds a link to OFBIZ-11187
Modified:
ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
Modified: ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc?rev=1866596&r1=1866595&r2=1866596&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc (original)
+++ ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc Sun Sep 8 08:17:54 2019
@@ -74,7 +74,7 @@ Note: if you want to use a pair of publi
*
https://cryptosense.com/blog/mighty-aphrodite-dark-secrets-of-the-java-keystore/ *
https://neilmadden.blog/2017/11/17/java-keystores-the-gory-details/
-Also remember that like everything a
https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/[JWT can be attacked] and, though not used or tried in OFBiz yet,
https://github.com/auth0/java-jwt#using-a-keyprovider[a good way is to mitigate an attack by using a KeyProvider]
+Also remember that like everything a
https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/[JWT can be attacked] and, though not used or tried in OFBiz yet,
https://github.com/auth0/java-jwt#using-a-keyprovider[a good way is to mitigate an attack by using a KeyProvider]. I have created
https://issues.apache.org/jira/browse/OFBIZ-11187[OFBIZ-11187] for that.
===== Properties
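Review bot: The added sentence "I have created OFBIZ-11187 for that." is written in the first person inside project documentation, where "I" has no referent for a reader and the statement goes stale once the ticket is resolved. Consider a neutral wording such as "Using a KeyProvider is tracked in OFBIZ-11187." In the same paragraph, the link text "a good way is to mitigate an attack by using a KeyProvider" reads awkwardly and does not say which of the linked JWT attacks a KeyProvider is meant to address; since the text also says this is "not used or tried in OFBiz yet", it would help to state that the recommendation is untested here and to name the specific risk it targets, so readers do not treat it as a mitigation already in place.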