Hi,
Been thinking about the new username/password requirements.
These will make all examples that use the Maven deploy plugin, CLI scripts, Arquillian, JBoss Tools etc. somehow tell users to type in their username and full password in clear text in pom.xml and other files.
Which sounds worse to me than a default locked down to only localhost…but I'm not a security expert :)
I was wondering how hard it would be to make the authentication support key-based auth by default and we make the tools use ${user.name} and ${user.home}/.jboss/default.pub and .priv (or some other name) for the public/private keys?
Then the tooling (CLI, IDE plugins etc.) could create these by default and examples could use ${user.name} and ${user.home}/.jboss/default.pub as the preconfigured parameters.
The examples would run out of the box and it would be limited to work from the machine that actually got the right key (simpler and more secure) vs. the current AS7.1 master solution where examples won't run out of the box and when configured will run from anywhere (i.e. harder and less secure).
WDYT?
/max
http://about.me/maxandersen