This might be a little off-topic, but I figured Shiro users would have experience or opinions on this.

I'm looking for advice on creating an activation link that is emailed to a new user of a web site. In a previous small project I created a string like the following and then used a Base64 hash on it:

username:datecreated:emailaddress:expiredate

When a link with the hash is clicked, the values would be extracted and used to look up the account, verify that the date created and email address match, and that the current date is before the expire date. If this all matches, then the account would be activated.

However, this isn't terribly secure. Anyone have advice on a better way to do this? Does Shiro provide any encryption/decryption features that I could use to make it stronger? Are there recommended encryption tools I should be using for this?

Lastly, I also need a forgot/reset password link for my current project and want to make it more secure as well.

Thanks,
Tauren
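An added example, not part of the original post and not Shiro code: Base64 is a reversible encoding with no key, so one way to harden the link is to append an HMAC-SHA256 tag over the fields and check it on the server before trusting them. It uses only JDK classes; the class name, method names, field layout and demo key are hypothetical, and it assumes usernames contain no ':' character.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (JDK only). Names and token layout are hypothetical.
public class ActivationToken {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }
    // Token = base64url(payload) + "." + base64url(HMAC-SHA256(key, payload)).
    static String issue(byte[] key, String purpose, String username, Instant expires) throws Exception {
        // The purpose field keeps an activation token from being accepted as a reset token.
        byte[] payload = (purpose + ":" + username + ":" + expires.getEpochSecond())
                .getBytes(StandardCharsets.UTF_8);
        return ENC.encodeToString(payload) + "." + ENC.encodeToString(hmac(key, payload));
    }
    // Returns the username if the tag, purpose and expiry all check out, otherwise null.
    static String verify(byte[] key, String purpose, String token, Instant now) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return null;
        byte[] payload, tag;
        try {
            payload = DEC.decode(parts[0]);
            tag = DEC.decode(parts[1]);
        } catch (IllegalArgumentException e) { return null; } // not valid base64url
        // Check the MAC before parsing any field; MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(hmac(key, payload), tag)) return null;
        String[] f = new String(payload, StandardCharsets.UTF_8).split(":");
        if (f.length != 3 || !f[0].equals(purpose)) return null;
        if (now.getEpochSecond() >= Long.parseLong(f[2])) return null; // past the expiry time
        return f[1];
    }
    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real key is random bytes from SecureRandom kept on the server.
        byte[] key = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        Instant now = Instant.now();
        String t = issue(key, "activate", "alice", now.plusSeconds(86400));
        System.out.println(verify(key, "activate", t, now));       // untampered token
        System.out.println(verify(key, "reset", t, now));          // same token, wrong purpose
        System.out.println(verify(key, "activate", t + "A", now)); // altered tag
    }
}
```

A signed token of this kind stays valid until its expiry time, so a password-reset link that must work only once also needs a server-side check at the moment it is used.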
