inspector [
https://community.jboss.org/people/inspector] commented on the document
"AS7: Utilising masked passwords via the vault"
To view all comments on this document, visit:
https://community.jboss.org/docs/DOC-17472#comment-11746
--------------------------------------------------
As far as I understood the concept, it is safe if used correctly. The keystore should not
be located on the server machine. It should only be available to the server on startup.
You may place it on a USB-dongle which is removed after complete startup. But you are
right in that most people won't do that. On the other hand most people won't need
that too.
--------------------------------------------------