[jboss-jira] [JBoss JIRA] (JBRULES-2856) Encrypted passwords in the change-set.xml
[
https://issues.jboss.org/browse/JBRULES-2856?page=com.atlassian.jira.plug...
]
RH Bugzilla Integration commented on JBRULES-2856:
--------------------------------------------------
Edson Tirelli <etirelli(a)redhat.com> made a comment on [bug
724616|https://bugzilla.redhat.com/show_bug.cgi?id=724616]
As we discussed by e-mail, the only solution for this is to use a keystore to store the
crypto key so that it is managed by the JVM. We can do that, but my feeling is that
customers will simply not use it, as keystores are annoying for the users to configure
(see what happened with kbase signing feature).
If this was requested by a customer, we will do it. Otherwise, if it is an internal
request, I don't think it will be worth the time spent on it.
Encrypted passwords in the change-set.xml
-----------------------------------------
Key: JBRULES-2856
URL: https://issues.jboss.org/browse/JBRULES-2856
Project: Drools
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Affects Versions: 5.1.1.FINAL
Environment: fedora 12, jdk 1.6, drools 5.1.0 expert
Reporter: Alessandro Lazarotti
Assignee: Mark Proctor
Currently the drools client API access Guvnor by creditials declared as plain-text in
change-set.xml or property files. This is a security problem for many companies. Is very
important develop a mechanism to obfuscate the password
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira