[jboss-as7-dev] How hard would it be to support key based auth by default to make life simpler and more secure ?

Anil Saldhana Anil.Saldhana at redhat.com
Sun Nov 13 22:22:18 EST 2011


Max,
   as Jason pointed out, the challenge is the setup required.

If each of the elements you mention (mvn deploy plugin, cli, Arquillian 
etc) supports PKI, then we can do that.

I am unsure that our users would want the added pain of setting up PKI.

Regards,
Anil

On 11/13/2011 12:49 PM, Max Rydahl Andersen wrote:
> Hi,
>
> Been thinking about the new username/password requirements.
>
> These will make all examples that use maven deploy plugin, cli scripts, arquillian, jboss tools etc. somehow
> tell users to type in their username and full password in clear text in pom.xml and other files.
>
> Which sounds worse to me than a default locked down to only localhost…but I'm not a security expert :)
>
> I was wondering how hard it would be to make the authentication support key based auth by default and we make
> the tools use ${user.name} and ${user.home}/.jboss/default.pub and .priv (or some other name) for the public/private keys ?
>
> Then the tooling (cli, IDE plugins etc.) could create these by default and examples could use ${user.name} and ${user.home}/.jboss/default.pub as
> the preconfigured parameters.
>
> The examples would run out of the box and it would be limited to work from the machine that actually got the right key (simpler and more secure)
> vs. the current AS7.1 master solution, where examples won't run out of the box and when configured will run from anywhere (i.e. harder and less secure)
>
> WDYT ?
>
> /max
> http://about.me/maxandersen
>
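
Added example, not part of the original thread and not JBoss AS code: a Java sketch of the key-based login Max proposes, where tooling creates default.pub/default.priv and the server checks a signed nonce against the registered public key. The class and method names, the RSA/SHA256withRSA choice and the nonce challenge are assumptions; a temporary directory stands in for ${user.home}/.jboss.

```java
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.security.spec.*;

// Added sketch: names, file layout and protocol are assumptions, not AS7 code.
public class KeyAuthSketch {
    // Tooling side: create the key pair once; the private key is owner-only from creation.
    static void createKeys(Path dir) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Files.createDirectories(dir);
        Path priv = dir.resolve("default.priv");
        // POSIX file systems only: create as rw------- so the key is never world-readable.
        Files.createFile(priv, PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rw-------")));
        Files.write(priv, kp.getPrivate().getEncoded());                       // PKCS#8 DER
        Files.write(dir.resolve("default.pub"), kp.getPublic().getEncoded()); // X.509 DER
    }
    // Client side: prove possession of the private key by signing the server's nonce.
    static byte[] sign(Path privFile, byte[] nonce) throws Exception {
        PrivateKey key = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(privFile)));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(nonce);
        return s.sign();
    }
    // Server side: verify against the public key registered for this user.
    static boolean verify(byte[] registeredPub, byte[] nonce, byte[] sig) throws Exception {
        PublicKey key = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(registeredPub));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(nonce);
        return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("jboss-keys"); // stand-in for ${user.home}/.jboss
        createKeys(dir);
        byte[] pub = Files.readAllBytes(dir.resolve("default.pub"));
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);                 // fresh for every login attempt
        byte[] sig = sign(dir.resolve("default.priv"), nonce);
        System.out.println("signed nonce accepted: " + verify(pub, nonce, sig));
        nonce[0] ^= 1;                                       // same signature, different nonce
        System.out.println("replayed signature accepted: " + verify(pub, nonce, sig));
    }
}
```

In this sketch only the public key has to be known to the server, so nothing secret ends up in pom.xml or a CLI script.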

