From 450600cbb8bd931496804e3b17b01c0e7655e27f Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Fri, 12 Jan 2018 09:17:05 -0600 Subject: [PATCH] Polish reference --- docs/manual/src/docs/asciidoc/_includes/password-encoder.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/src/docs/asciidoc/_includes/password-encoder.adoc b/docs/manual/src/docs/asciidoc/_includes/password-encoder.adoc index 613bff3cfb..71f8123702 100644 --- a/docs/manual/src/docs/asciidoc/_includes/password-encoder.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/password-encoder.adoc @@ -45,7 +45,7 @@ https://en.wikipedia.org/wiki/PBKDF2[PBKDF2], https://en.wikipedia.org/wiki/Scrypt[scrypt], and https://en.wikipedia.org/wiki/Argon2[Argon2]. -Because adaptive one-way functions are intentionally resource intensive, validating a username and password for every request will degrade performance of an application significantly +Because adaptive one-way functions are intentionally resource intensive, validating a username and password for every request will degrade performance of an application significantly. There is nothing Spring Security (or any other library) can do to speed up the validation of the password since security is gained by making the validation resource intensive. Users are encouraged to exchange the long term credentials (i.e. username and password) for a short term credential (i.e. session, OAuth Token, etc). The short term credential can be validated quickly without any loss in security.