Hello everyone,
I am fighting with a problem: I need to mask the password in the SSL configuration for JMS (but it will be the same for any other use). I have the following configuration now:
<mbean code="org.jboss.remoting.security.SSLSocketBuilder"
       name="jboss.messaging:service=SocketBuilder,type=SSL"
       display-name="SSL Server Socket Factory Builder">
    <attribute name="KeyStoreType">JKS</attribute>
</mbean>
However, I am not happy with the plain text password directly written to the configuration file. What I would invite here is one of the following approaches:
- Masked password, as recommended for JMS sucker password (JBoss Security Guide, chapter 16)
- Encrypted database password as possible with org.jboss.resource.security.SecureIdentityLoginModule in login-config.xml (JBoss Security Guide, chapter 17)
- Encrypted, file based password as possible in jbossweb server configuration (however, this is only security by obscurity which is not the right one). (Details in JBoss Security Guide, chapter 18).
Does somebody know how to secure the password in the SSL config to avoid plain text form? And if possible, also in jbossweb, to avoid security by obscurity.
thanks, Martin