StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
20206115
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
4
CommunityOwnedDate
CreationDate
2013-11-26T00:10:43.813
FavoriteCount
0
LastActivityDate
2013-11-26T00:10:43.813
LastEditDate
LastEditorUserId
0
OwnerUserId
1075628
ParentId
12496600
PostTypeId
2
Score
4
ViewCount
0
LastEditorDisplayName
text
Body
The DefaultPasswordService implementation automatically adds a random salt to each encryptPassword call. That "public" salt will be stored within the "hashedPasswordBase64" that you receive from "encryptPassword". Because the "public" salt is individually generated for each hashed password one cannot "simply" generate a rainbow table and brute-force all your hashed passwords at once. For each hashed password the attacker would have to generate an own, unique rainbow table because of the unique "public" salt. So far you do not need to put an extra salt into the database. To make your stored hashed passwords even more secure you can furthermore add a "private" salt that should be stored anywhere else - as long as not in the database. By using a "private" salt you could protect the hashed passwords against a brute-force rainbow-table attack, because the attacker does not know the "private" salt and cannot gain the "private" salt from the database entries. This is a very basic example how to create a PasswordService that utilizes a "private" salt provided as a constant string and that works as CredentialsMatcher: <pre><code>public class MyPrivateSaltingPasswortService extends DefaultPasswordService { public MyPrivateSaltingPasswortService() { super(); HashService service = getHashService(); if (service instanceof DefaultHashService) { ((DefaultHashService) service).setPrivateSalt( new SimpleByteSource("MySuperSecretPrivateSalt")); } } } </code></pre> you then could use your own implementation in shiro.ini: <pre><code>[main] saltedService = com.mycompany.MyPrivateSaltingPasswortService matcher = org.apache.shiro.authc.credential.PasswordMatcher matcher.passwordService = $saltedService realm.credentialsMatcher = $matcher </code></pre> This example was created using shiro-1.2.2
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POHow to stock and use a shiro's salt from database
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. This table or related slice is empty.
UserOwnerUserId
1. USseafoxx
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.