My security team just pointed out that this software is defaulting to DES encryption for passwords, which is reversible. I added a comment to the following wiki page because I'm not comfortable just throwing Spring Security algorithms on our server unless it's been tested. I'm wondering if you would take a look at improving default security by implementing Spring Security BCrypt, PBKDF2, or SCrypt?
Also, is the professional edition also using DES password encryption?
University of Victoria