Jason Greene [https://community.jboss.org/people/jason.greene] commented on the document
"JBoss AS7 Securing Passwords"
To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-17248#comment-11342
--------------------------------------------------
mentallurg wrote:
The worst thing is that a Red Hat architect who designed and implemented it does not warn
the users. Users have a *false feeling of safety*. Wake up! You are in big trouble if you
use JBoss vault.

I agree a better warning is needed. Looks like you contributed most
of that, thanks! However, as you yourself mention, concealing and relocating passwords
provides security value; it's just a very limited value that only works in
combination with other layers of security.

I don't think there was really any intention to mislead here. I myself took the
"security through obscurity" quote to actually be a reference to "security
through obscurity is no security at all" :)
--------------------------------------------------