Agreed. But if ini isn't the way to do it, why are the Shiro docs targeted squarely at ini? I have no problem with ini files, they are just as [in]secure as any database mechanism. But I'm not storing user data in the ini - just [users] and [roles] sections exactly as the docs describe it (except I leave out passwords, as that is truly insecure). Seems unusual to have docs to describe a method that should not be used.
Thanks -- View this message in context: http://shiro-user.582556.n2.nabble.com/Change-Shiro-configuration-at-runtime-tp7580921p7580930.html Sent from the Shiro User mailing list archive at Nabble.com.
