]
Brett Meyer updated SRAMP-384:
------------------------------
Fix Version/s: 0.5.0.Alpha1
Add validation for password in overlord commons installer
---------------------------------------------------------
Key: SRAMP-384
URL:
https://issues.jboss.org/browse/SRAMP-384
Project: S-RAMP
Issue Type: Bug
Security Level: Public(Everyone can see)
Reporter: Eric Wittmann
Assignee: David virgil naranjo
Fix For: 0.5.0.Final, 0.5.0.Alpha1
Currently the overlord commons installer is responsible for doing all security related
work. This includes creating the overlord 'admin' user and configured a password
for this user. The installer prompts the user for this password and then passes whatever
the user entered to the JBoss EAP add-user utility. This utility will fail if the
password does not meet certain standards. However, the utility fails without failing the
overall install.
The installer should do its own validation of the password entered by the user so that
this silent failure doesn't happen. Also note that the password input and validation
should happen before anything else security related gets installed.