[jboss-dev-forums] [JBoss AS 7 Development] - JBoss AS7 Securing Passwords
Jason Greene
do-not-reply at jboss.com
Fri Jan 4 14:55:24 EST 2013
Jason Greene [https://community.jboss.org/people/jason.greene] commented on the document
"JBoss AS7 Securing Passwords"
To view all comments on this document, visit: https://community.jboss.org/docs/DOC-17248#comment-11342
--------------------------------------------------
> mentallurg wrote:
>
> The worst thing is that a Red Hat architect who designed and implemented it does not warn the users. Users have *a false feeling of safety*. Wake up! You are in big trouble if you use JBoss vault.
I agree a better warning is needed. Looks like you contributed most of that, thanks! However, as you yourself mention, concealing and relocating passwords provides security value; it's just a very limited value that only works in combination with other layers of security.
I don't think there was really any intention to mislead here. I myself took the "security through obscurity" quote to actually be a reference to "security through obscurity is no security at all" :)
--------------------------------------------------