[jboss-jira] [JBoss JIRA] Created: (SECURITY-292) org.jboss.security.plugins.FilePassword requires write permission for decoding
Alan Feng (JIRA)
jira-events at lists.jboss.org
Wed Oct 22 17:50:20 EDT 2008
org.jboss.security.plugins.FilePassword requires write permission for decoding
------------------------------------------------------------------------------
Key: SECURITY-292
URL: https://jira.jboss.org/jira/browse/SECURITY-292
Project: JBoss Security and Identity Management
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: 2.0.2.CR8, 2.0.2.CR7, 2.0.2.CR6, 2.0.2.CR5, 2.0.2.CR4, 2.0.2.CR3, 2.0.2.CR2, 2.0.2.CR1, 2.0.2.Beta7, 2.0.2-BETA6, 2.0.2-BETA5, 2.0.2-BETA4, 2.0.2-BETA3, 2.0.1-BETA2, 2.0.1-BETA1, 2.0.2-BETA, 2.0.1.GA
Environment: JBoss AS 4.2.3.GA
Reporter: Alan Feng
Assignee: Anil Saldhana
Priority: Minor
We use org.jboss.security.plugins.FilePassword to avoid storing passwords in clear text. Once created, we'd like to change the file's permission to read-only for regular users in order to ensure that only trusted users can update it.
However, this won't work as the class FilePassword always requires write permission even for decoding the password. The class should be modified so that write permission is only required when create / update the password file.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list