svn commit: r1866596 - /ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1866596 - /ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc

jleroux@apache.org
Author: jleroux
Date: Sun Sep  8 08:17:54 2019
New Revision: 1866596

URL: http://svn.apache.org/viewvc?rev=1866596&view=rev
Log:
Improved: Document how to store the JWT secret key
(OFBIZ-10751)

Adds a link to OFBIZ-11187

Modified:
    ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc

Modified: ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc?rev=1866596&r1=1866595&r2=1866596&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc (original)
+++ ofbiz/ofbiz-framework/trunk/framework/security/src/docs/asciidoc/_include/sy-password-and-JWT.adoc Sun Sep  8 08:17:54 2019
@@ -74,7 +74,7 @@ Note: if you want to use a pair of publi
 * https://cryptosense.com/blog/mighty-aphrodite-dark-secrets-of-the-java-keystore/
 * https://neilmadden.blog/2017/11/17/java-keystores-the-gory-details/
 
-Also remember that like everything a https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/[JWT can be attacked] and, though not used or tried in OFBiz yet,  https://github.com/auth0/java-jwt#using-a-keyprovider[a good way is to mitigate an attack by using a KeyProvider]
+Also remember that like everything a https://www.sjoerdlangkemper.nl/2016/09/28/attacking-jwt-authentication/[JWT can be attacked] and, though not used or tried in OFBiz yet,  https://github.com/auth0/java-jwt#using-a-keyprovider[a good way is to mitigate an attack by using a KeyProvider]. I have created https://issues.apache.org/jira/browse/OFBIZ-11187[OFBIZ-11187] for that.
 
 ===== Properties