Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Changes in default password properties
With the upgrade to Spring Framework 5.0 the password storage has undergone a major change to provide more secure defaults. This means that passwords are now stored in an encrypted way by default. Existing passwords in publisher.properties should all be prefixed with {noop} to ensure that any existing plain text passwords will still work. The default encryption algorithm is Bcrypt. If password encryption is not turned off by the user, any password that is changed will be stored using Bcrypt, and thus stored in publisher.properties prefixed with {bcrypt}..
Please update the oauth2.secret accordingly.
Example
In Publisher 4.0.x the oauth2.secret would look like this:
Code Block | ||
---|---|---|
| ||
oauth2.secret=123 |
In Publisher 4.1 you have two choices, either set the password without encryption:
Code Block | ||
---|---|---|
| ||
oauth2.secret={noop}123 |
Or with BCrypt encryption:
Code Block | ||
---|---|---|
| ||
oauth2.secret={bcrypt}$2a$04$zMrh.OEz/qDyPZnP14vMwucVpS5rTI91NZDHhW6fVG2sA.9NPGG16 |
You can encrypt your passwords using an online BCrypt tool such as: https://www.devglan.com/online-tools/bcrypt-hash-generatorPlease update the oauth2.secret accordingly.
Panel | ||||
---|---|---|---|---|
On this page:
|