On 5/1/2013 6:39 PM, Stuart Douglas wrote:
Even though not handing out the credentials directly may feel more
secure, I don't think it actually is, unless you have a scenario that is
not covered above?
I'll give you another one: What does IdentityManager.updateCredential()
do? Does it allow you to update a password? If so, you're saying that
its ok to change a password, but not read it from the store?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com