Add support for pre-digested passwords to AS7 domain realms ----------------------------------------------------------- Key: AS7-1838 URL: https://issues.jboss.org/browse/AS7-1838 Project: Application Server 7 Issue Type: Task Components: Domain Management, Security Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 7.0.2.Final Storing plain text passwords means that should the file containing these passwords be compromised not only could the passwords be used to access the AS instance they were using the passwords could potentially be used for any systems secured with the same passwords. The pre-digested passwords will be digested with the username, password and realm - this will mean that although they still need to be kept secure to prevent access to the AS instance they secure they will not be useful for gaining access to different systems secured with different realms. (As backwards compatibility is to be retained AS 7.0.2 will have this feature switched off by default leaving the end user to choose to switch it on - for AS 7.1.0 this will be reversed making it the default for out of the box) -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira