BTW, we'll have to think of something similar to protect realm private
keys. Getting access to the private key of a realm would be 1000 times
worse than getting the PW database as you could write a token giving any
permission you wanted.
Any ideas? Maybe a master boot password which is used to encrypt the
private keys? Which is entered on server startup?
On 1/22/2014 9:25 AM, Bruno Oliveira wrote:
Thank you Bill, awesome!
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com