[jboss-dev-forums] [Design the new POJO MicroContainer] - Re: Security services deployer for the MC
david.lloyd@jboss.com
do-not-reply at jboss.com
Tue Jan 27 13:09:16 EST 2009
I'm in the process now of adding tags to create injectable keys from key files and keystores. A logical extension of that would be to inject passwords (read from files? maybe as char arrays, maybe as some kind of opaque object (like a CallbackHandler that handles PasswordCallbacks perhaps?)). What kind of security precautions should be taken? The implication here is that if the password "lives" in the microcontainer's managed space, then anyone who has access to that space gets the password. Maybe a special permission that includes the password bean name should be required to access it? What do you guys think? If I introduce special permissions for password access, I would think we'd want to do the same for SecretKey/PrivateKeys as well since they have similar security implications from what I can see.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4205046#4205046
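One way the two ideas in the post could fit together, a password held behind a CallbackHandler and a permission named after the bean, sketched with JDK classes only. This is an added example, not code from the post or from the microcontainer; PasswordBeanPermission, GuardedPasswordHandler and the bean name are hypothetical, and the check only takes effect when a SecurityManager is installed.

```java
import java.io.IOException;
import java.security.BasicPermission;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

// Hypothetical permission whose name is the password bean's name,
// e.g. new PasswordBeanPermission("DataSourcePassword").
final class PasswordBeanPermission extends BasicPermission {
    private static final long serialVersionUID = 1L;
    PasswordBeanPermission(String beanName) { super(beanName); }
}

// Hypothetical opaque password bean: the char[] is only handed out through
// a PasswordCallback, and only after the per-bean permission check passes.
public final class GuardedPasswordHandler implements CallbackHandler {
    private final String beanName;
    private final char[] password;

    public GuardedPasswordHandler(String beanName, char[] password) {
        this.beanName = beanName;
        this.password = password.clone();   // caller can wipe its own copy
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        // Reject unknown callbacks before touching the secret.
        for (Callback cb : callbacks) {
            if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
        }
        // Every protection domain on the call stack must hold the permission.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(new PasswordBeanPermission(beanName));
        for (Callback cb : callbacks) {
            ((PasswordCallback) cb).setPassword(password);  // setPassword stores its own copy
        }
    }

    // Zero the stored copy when the bean is stopped or undeployed.
    public void destroy() { Arrays.fill(password, '\0'); }

    // Never include the secret in diagnostics.
    @Override
    public String toString() { return "GuardedPasswordHandler[" + beanName + "]"; }
}
```

The same permission class could guard SecretKey and PrivateKey beans, since the check depends only on the bean name.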