[jboss-as7-dev] How hard would it be to support key based auth by default to make life simpler and more secure ?

Max Rydahl Andersen max.andersen at redhat.com
Mon Nov 14 06:37:00 EST 2011


On Nov 14, 2011, at 04:22, Anil Saldhana wrote:

> Max,
>   as Jason pointed out.  The challenges are the setup required.
> 
> If each of the elements you mention (mvn deploy plugin, cli, arquillian 
> etc) support PKI, then we can do that.
> 
> I am unsure that our users would want the added pain of setting up PKI.

It's that vs having plain text username/passwords in your pom.xml and examples
won't run without it.

With a key based setup these things would be simpler.

/max


> 
> Regards,
> Anil
> 
> On 11/13/2011 12:49 PM, Max Rydahl Andersen wrote:
>> Hi,
>> 
>> Been thinking about the new username/password requirements.
>> 
>> These will make all examples that use maven deploy plugin, cli scripts, arquillian, jboss tools etc. to somehow
>> either tell users to type in their username and full password in clear text in pom.xml and other files.
>> 
>> Which sounds worse to me than a default locked down to only localhost…but I'm not a security expert :)
>> 
>> I was wondering how hard it would be to make the authentication support key based auth by default and we make
>> the tools use ${user.name} and ${user.home}/.jboss/default.pub and .priv (or some other name) for the public/private keys ?
>> 
>> Then the tooling (cli, IDE plugins etc.) could create these by default and examples could use ${user.name} and ${user.home}/.jboss/default.pub as
>> the preconfigured parameters.
>> 
>> The examples would run out of the box and it would be limited to work from the machine that actually got the right key (simpler and more secure)
>> vs to the current AS7.1 master solution where examples won't run out of the box and when configured will run from anywhere (i.e. harder and less secure)
>> 
>> WDYT ?
>> 
>> /max
>> http://about.me/maxandersen
>> 

/max
http://about.me/maxandersen





