[jboss-dev-forums] [PicketBox Development] - AS7: Utilising masked passwords via the vault
mentallurg
do-not-reply at jboss.com
Sun Dec 30 10:27:28 EST 2012
mentallurg [https://community.jboss.org/people/mentallurg] commented on the document
"AS7: Utilising masked passwords via the vault"
To view all comments on this document, visit: https://community.jboss.org/docs/DOC-17472#comment-11313
--------------------------------------------------
JBoss vault is *not safe*. It gives you a false feeling of safety. You *disclose the password* to access the vault via KEYSTORE_PASSWORD. Everyone can easily decrypt all the passwords you have encrypted.
Unfortunately, JBoss does not help users to understand it and to be aware of security problems.
--------------------------------------------------