[jboss-jira] [JBoss JIRA] (JBRULES-2856) Encrypted passwords in the change-set.xml

RH Bugzilla Integration (JIRA) jira-events at lists.jboss.org
Wed Mar 28 14:07:47 EDT 2012


    [ https://issues.jboss.org/browse/JBRULES-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680118#comment-12680118 ] 

RH Bugzilla Integration commented on JBRULES-2856:
--------------------------------------------------

Edson Tirelli <etirelli at redhat.com> made a comment on [bug 724616|https://bugzilla.redhat.com/show_bug.cgi?id=724616]

As we discussed by e-mail, the only solution for this is to use a keystore to store the crypto key so that it is managed by the JVM. We can do that, but my feeling is that customers will simply not use it, as keystores are annoying for the users to configure (see what happened with the kbase signing feature).

If this was requested by a customer, we will do it. Otherwise, if it is an internal request, I don't think it will be worth the time spent on it.
                
> Encrypted passwords in the change-set.xml
> -----------------------------------------
>
>                 Key: JBRULES-2856
>                 URL: https://issues.jboss.org/browse/JBRULES-2856
>             Project: Drools
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 5.1.1.FINAL
>         Environment: fedora 12, jdk 1.6, drools 5.1.0 expert
>            Reporter: Alessandro Lazarotti
>            Assignee: Mark Proctor
>
> Currently the Drools client API accesses Guvnor using credentials declared as plain text in change-set.xml or property files. This is a security problem for many companies. It is very important to develop a mechanism to obfuscate the password.
