If someone can access the REST endpoints they can quite easily do an "export"
themselves.
What should not be exposed through the REST endpoints is the private key or any
credentials. So an export will not work fully. Export/import would require re-generating
keys + resetting all user/app/client passwords. Even hashed passwords can be cracked so we
shouldn't have a REST endpoint exposing them.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Thursday, 19 December, 2013 2:14:15 PM
Subject: Re: [keycloak-dev] realm import/upload implemented
On 12/19/2013 3:42 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Marek Posolda" <mposolda(a)redhat.com>
>> To: "Gabriel Cardoso" <gcardoso(a)redhat.com>
>> Cc: keycloak-dev(a)lists.jboss.org
>> Sent: Thursday, 19 December, 2013 5:50:57 AM
>> Subject: Re: [keycloak-dev] realm import/upload implemented
>>
>> I wonder if we also want to support exporting existing realms to a JSON file
>> in the admin console? Might be useful especially for migration between
>> environments (from stage to production etc)
>
> +1
>
I thought about this long ago, that any export facility should only be
available locally and not remotely. Maybe I'm just overparanoid?
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com