[keycloak-dev] realm import/upload implemented

Stian Thorgersen stian at redhat.com
Thu Dec 19 10:41:24 EST 2013


If someone can access the REST endpoints they can quite easily do an "export" themselves.

What should not be exposed through the REST endpoints is the private key or any credentials. So an export will not work fully. Export/import would require re-generating keys + resetting all user/app/client passwords. Even hashed passwords can be cracked so we shouldn't have a REST endpoint exposing them.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Thursday, 19 December, 2013 2:14:15 PM
> Subject: Re: [keycloak-dev] realm import/upload implemented
> 
> 
> 
> On 12/19/2013 3:42 AM, Stian Thorgersen wrote:
> >
> >
> > ----- Original Message -----
> >> From: "Marek Posolda" <mposolda at redhat.com>
> >> To: "Gabriel Cardoso" <gcardoso at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Thursday, 19 December, 2013 5:50:57 AM
> >> Subject: Re: [keycloak-dev] realm import/upload implemented
> >>
> >> I wonder if we also want to support exporting existing realms to a JSON file in
> >> the admin console? Might be useful especially for migration between
> >> environments (from stage to production etc)
> >
> > +1
> >
> 
> I thought about this long ago, that any export facility should only be
> available locally and not remotely.  Maybe I'm just overparanoid?
> 
> Bill
> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 
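
An added example, not part of the original thread and not Keycloak code: one way to apply the rule described in the reply above, dropping private keys and credentials from a realm document before it is returned by a REST endpoint and recording which fields the importer must regenerate or reset. The field names in `SENSITIVE_KEYS` and the sample realm are assumptions constructed for illustration.

```python
import json

# Assumed field names for this example; match them to the real export schema.
SENSITIVE_KEYS = {"privateKey", "credentials", "secret"}

# Constructed sample realm document (not real Keycloak output).
SAMPLE_REALM = {
    "realm": "demo",
    "publicKey": "constructed-public-key",
    "privateKey": "constructed-private-key",
    "users": [
        {"username": "alice",
         "credentials": [{"type": "password", "hash": "constructed-hash"}]},
    ],
    "applications": [{"name": "portal", "secret": "constructed-secret"}],
}


def redact_for_export(node, path="$"):
    """Return (clean_copy, removed_paths) with sensitive fields dropped."""
    removed = []
    if isinstance(node, dict):
        clean = {}
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in SENSITIVE_KEYS:
                removed.append(child)  # value is never copied into the output
                continue
            clean[key], sub = redact_for_export(value, child)
            removed.extend(sub)
        return clean, removed
    if isinstance(node, list):
        clean = []
        for i, item in enumerate(node):
            item_clean, sub = redact_for_export(item, f"{path}[{i}]")
            clean.append(item_clean)
            removed.extend(sub)
        return clean, removed
    return node, removed  # scalars pass through unchanged


if __name__ == "__main__":
    export, todo = redact_for_export(SAMPLE_REALM)
    print(json.dumps(export, indent=2))
    print("Regenerate or reset on import:", todo)
```

The returned path list is the import-side checklist: every entry is a key to regenerate or a password to reset, which is why such an export cannot be restored as-is.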

