[security-dev] Undertow / IdentityManager and Digest Authentication
bburke at redhat.com
Wed May 1 18:54:04 EDT 2013
On 5/1/2013 6:39 PM, Stuart Douglas wrote:
> Even though not handing out the credentials directly may feel more
> secure, I don't think it actually is, unless you have a scenario that is
> not covered above?
I'll give you another one: What does IdentityManager.updateCredential()
do? Does it allow you to update a password? If so, you're saying that
its ok to change a password, but not read it from the store?
JBoss, a division of Red Hat
More information about the security-dev