[jboss-jira] [JBoss JIRA] Updated: (AS7-1838) Add support for pre-digested passwords to AS7 domain realms

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Tue Sep 20 05:33:26 EDT 2011


     [ https://issues.jboss.org/browse/AS7-1838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated AS7-1838:
----------------------------------

         Priority: Critical  (was: Major)
    Fix Version/s: 7.1.0.Beta1
                       (was: 7.0.2.Final)


> Add support for pre-digested passwords to AS7 domain realms
> -----------------------------------------------------------
>
>                 Key: AS7-1838
>                 URL: https://issues.jboss.org/browse/AS7-1838
>             Project: Application Server 7
>          Issue Type: Task
>          Components: Domain Management, Security
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 7.1.0.Beta1
>
>
> Storing plain text passwords means that, should the file containing these passwords be compromised, not only could the passwords be used to access the AS instance they were using, but the passwords could potentially be used for any systems secured with the same passwords.
> The pre-digested passwords will be digested with the username, password and realm - this will mean that, although they still need to be kept secure to prevent access to the AS instance they secure, they will not be useful for gaining access to different systems secured with different realms.
> (As backwards compatibility is to be retained, AS 7.0.2 will have this feature switched off by default, leaving the end user to choose to switch it on - for AS 7.1.0 this will be reversed, making it the default out of the box.)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
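
The realm binding described in the issue above, as an added example that is not part of the original message or the AS7 code base. It shows a server verifying a Digest response from the stored value alone, and the same password being rejected under a different realm. Assumptions: the issue does not name the hash, so the RFC 2617 HTTP Digest form `MD5(username:realm:password)` is used; the user, realm names, password and nonce are constructed.

```python
import hashlib
import hmac


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def predigest(username: str, realm: str, password: str) -> str:
    """Value stored instead of the plain text password (RFC 2617 HA1, assumed)."""
    return _md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verify(store: dict, username: str, method: str, uri: str,
                  nonce: str, response: str) -> bool:
    """Check a client response using only the stored digest, never the password."""
    ha1 = store.get(username)
    if ha1 is None:
        return False
    expected = digest_response(ha1, method, uri, nonce)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed sample data: one user with the same password in two realms.
    user, password = "admin", "constructed-password"
    realm_a = {user: predigest(user, "ExampleRealmA", password)}
    realm_b = {user: predigest(user, "ExampleRealmB", password)}
    nonce = "constructed-nonce-0001"

    # A client of realm A computes its response from the password.
    client_ha1 = predigest(user, "ExampleRealmA", password)
    resp = digest_response(client_ha1, "GET", "/management", nonce)

    return {
        "entries_differ": realm_a[user] != realm_b[user],
        "accepted_by_realm_a": server_verify(realm_a, user, "GET", "/management", nonce, resp),
        "accepted_by_realm_b": server_verify(realm_b, user, "GET", "/management", nonce, resp),
    }


if __name__ == "__main__":
    print(demo())
```

Because `server_verify` needs nothing beyond the stored entry, that entry remains sufficient to authenticate within its own realm, which is why the file still has to be protected.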

        

