[
https://issues.jboss.org/browse/AS7-4646?page=com.atlassian.jira.plugin.s...
]
Jess Sightler commented on AS7-4646:
------------------------------------
@Jason Greene - To be clear here, I'm not really arguing against the points you are
making here. We just have to deal with a very particular set of security requirements (not
from ourselves), that are based on history and various other reasons.
Honestly, you are absolutely right... if this thing were controlled by Javascript, and the
header could be construed as to not look like BASIC, that would likely be adequate to pass
this checklist.
Management Console needs to support FORM authentication
-------------------------------------------------------
Key: AS7-4646
URL:
https://issues.jboss.org/browse/AS7-4646
Project: Application Server 7
Issue Type: Feature Request
Components: Console
Reporter: Jess Sightler
Assignee: Jason Greene
Labels: security
Many clients have security requirements that disallow HTTP Basic authentication. HTTP
Digest is also disallowed due to the requirement to store plaintext passwords on the
server. HTTP Form based authentication would provide a much smoother experience for users
and comply with client requirements.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira