Anil Saldhana [http://community.jboss.org/people/anil.saldhana] created the document:
"JBoss AS7: Password Masking and Encryption"
To view the document, visit:
http://community.jboss.org/docs/DOC-16845
--------------------------------------------------------------
This article will describe the strategies/design for both password masking and
encryption.
h2. Objective
The configuration/domain model needs one or more passwords. We do not want to specify the
passwords in clear text.
h2. Methods
There are 2 methods available to specify passwords without clear text visibility.
1. Password based encryption (aka Masking)
2. Password Encryption using AES, 3DES, etc.
Password Based Encryption (PBE) provides security by obscurity. It just masks the password.
It does not provide any fool-proof security.
Password Encryption using AES or 3DES provides industry-strength encryption.
h2. Challenges
PBE uses the following:
1. Salt
2. Iteration Count
3. Password to mask.
Encryption uses a secret key to encrypt the password. When you are ready to decrypt the
password, you will need the secret key.
The biggest challenge is going to be +managing the secret key+.
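The sketch below shows why masking only obscures the password: the server must be able to reverse it at startup, so every input to the PBE cipher sits within reach of the masked value. This is an added example, not code from the original document or from PicketBox. The algorithm name, the masking passphrase, the IV and all sample values are assumptions constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class MaskingDemo {
    // Assumption: PBE algorithm chosen for this example; the document names none.
    private static final String ALGORITHM = "PBEWithHmacSHA256AndAES_128";

    // Runs the PBE cipher in the given mode. Every argument except `data` is
    // something a masking scheme has to store next to the masked value.
    static byte[] pbe(int mode, char[] passphrase, byte[] salt, int iterations,
                      byte[] iv, byte[] data) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALGORITHM)
                .generateSecret(new PBEKeySpec(passphrase));
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(mode, key,
                new PBEParameterSpec(salt, iterations, new IvParameterSpec(iv)));
        return cipher.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from any real configuration.
        char[] passphrase = "constructed-masking-passphrase".toCharArray();
        byte[] salt = new byte[8];
        byte[] iv = new byte[16];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        int iterations = 10000;

        byte[] masked = pbe(Cipher.ENCRYPT_MODE, passphrase, salt, iterations, iv,
                "datasource-password".getBytes(StandardCharsets.UTF_8));
        System.out.println("masked:   " + Base64.getEncoder().encodeToString(masked));

        // The server repeats this call at startup with the same stored inputs,
        // so anyone who can read those inputs can repeat it as well.
        byte[] clear = pbe(Cipher.DECRYPT_MODE, passphrase, salt, iterations, iv, masked);
        System.out.println("unmasked: " + new String(clear, StandardCharsets.UTF_8));
    }
}
```

Encrypting with a separate AES or 3DES secret key uses the same cipher calls; the protection comes from keeping that key somewhere the configuration reader cannot reach, which is the key-management challenge named above.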