streamflow icon indicating copy to clipboard operation
streamflow copied to clipboard
verified publisher icon lmco

Security enhancements

Open juliencruz opened this issue 11 years ago • 2 comments

The existing Shiro authentication mechanism should be improved with the following features to enhance security:

  • Lock user account after providing an incorrect password a specific number of times in a given time window.
  • Allow custom realm implementations to provide a custom dao implementation to create/edit/retrieve user accounts. This is necessary to support using custom implementations which store user data such as LDAP and Active Directory.
  • Add support for user account pictures in the user service

juliencruz avatar Nov 29 '14 04:11 juliencruz

Optional Gravatar support might be easier to providing a full account pictures service.

https://en.gravatar.com/

There are also a couple of open-source clones of Gravatar.

christopherlakey avatar Jan 26 '15 18:01 christopherlakey

It is possible to register multiple shiro realms so that one can provide authentication and the other can provide authorization. This makes it possible to mix an ldap realm for identity and authentication and a local permission store for authorization.

This might remove the need to create a custom dao.

christopherlakey avatar Jan 26 '15 19:01 christopherlakey