shiro plugin issue



Hello all.. I'm using the Shiro plugin with Grails 2.0 and storing the user's password encrypted with the Sha512Hash().toHex() method, as shown on the plugin webpage. Now, I would like the user to see the original pass in an HTML form, so that he/she could update it... passing the normal string to the controller and encrypting it there once again before the update.
How can I achieve this? I don't see something like this in the Sha512Hash API.
Maybe I missed something.. I'm new to encryption


Staff member
Hi, you won't see the password.. that's the entire point of one-way encryption methods like this... When the user chooses a password, it is encrypted and then only the encrypted version is held in your database, preventing any chance of password theft.

When a user attempts to log in, what they type in is encrypted and that encrypted string is compared with the encrypted string held in your database... if they match, then what they typed will be what their original password choice was.

If you really absolutely must present their password to them.. you must store it in a separate field. But you really shouldn't; if they've logged in, then they already know their password, so why show it to them? Just ask them if they want to supply a new password, with two text fields, the second text field being a confirmation box to reduce the chance of them mistyping their password, saving the form and then not being able to log in again because they saved a wrong password.
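
Added example, not part of the thread above and not the plugin's own code: the compare-on-login and change-password flow the reply describes, sketched in Python. Assumptions: `hashlib.sha512(...).hexdigest()` stands in for the `Sha512Hash(...).toHex()` call from the question, the `user` dict stands in for the database row, and re-checking the current password before the change is this example's own choice.

```python
import hashlib
import hmac


def sha512_hex(password: str) -> str:
    """Stand-in (assumption) for Sha512Hash(password).toHex(): unsalted SHA-512, hex."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def verify_password(stored_hex: str, candidate: str) -> bool:
    """Hash what was typed and compare digests; the original is never recovered."""
    typed_hex = sha512_hex(candidate)
    # compare_digest avoids leaking, through timing, how many characters matched
    return hmac.compare_digest(stored_hex.encode("ascii"), typed_hex.encode("ascii"))


def change_password(user: dict, current: str, new: str, confirm: str) -> str:
    """Return 'ok' or a reason. user['password_hash'] changes only on 'ok'."""
    if not verify_password(user["password_hash"], current):
        return "current password incorrect"
    if not new:
        return "new password empty"
    if new != confirm:
        # The second text field catches a mistyped new password before it is saved
        return "confirmation does not match"
    user["password_hash"] = sha512_hex(new)
    return "ok"


if __name__ == "__main__":
    # Constructed sample record: only the digest is stored, never the plain text
    user = {"username": "alice", "password_hash": sha512_hex("old-secret")}
    print(change_password(user, "old-secret", "new-secret", "new-secrte"))
    print(change_password(user, "old-secret", "new-secret", "new-secret"))
    print(verify_password(user["password_hash"], "new-secret"))
```

The form never needs the old password pre-filled: the controller only ever receives plain text from the user and writes a digest.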