
added config settings to revert password hashing to 1.2.x approach

1 parent 35b733e commit 790bf1ebaa96b4a135c3f8ac5bcec0e27b0c85e0 @burtbeckwith burtbeckwith committed Jan 9, 2014
Showing with 7 additions and 0 deletions.
  1. +7 −0 src/docs/guide/newInV2.gdoc
7 src/docs/guide/newInV2.gdoc
@@ -28,6 +28,13 @@ h5. bcrypt by default
The default password hashing algorithm is now bcrypt since it is a very robust hashing approach. [PBKDF2|https://en.wikipedia.org/wiki/PBKDF2] is similar and is also supported. You can still use any message digest algorithm that is supported in your JDK; see [this Java page|http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html] for the available algorithms.
+New applications should use bcrypt or PBKDF2, but if you didn't change the default settings in previous versions of the plugin and want to continue using the same algorithm, use these settings:
+
+{code}
+grails.plugin.springsecurity.password.algorithm = 'SHA-256'
+grails.plugin.springsecurity.password.hash.iterations = 1
+{code}
+
h5. Session Fixation Prevention by default
Session Fixation Prevention is now enabled by default, but can be disabled with
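
Review bot: The added paragraph before the {code} block never says what the user is opting into: `password.algorithm = 'SHA-256'` with `password.hash.iterations = 1` is a single pass of a fast digest, which is far cheaper to brute-force offline than the bcrypt default described in the line above. I would state explicitly that these two values are the 1.2.x defaults and that they are meant only for verifying hashes already stored under the old settings, so the snippet is not read as an equally acceptable alternative. The text also gives upgraders no path off the old algorithm; a sentence on migrating existing accounts to bcrypt (for example, rehashing when a user next logs in successfully) would fit here, or a link to wherever the guide covers that.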
