[jboss-jira] [JBoss JIRA] (JGRP-1721) AUTH and ENCRYPT protocols configured with plain text passwords
David Jorm (JIRA)
jira-events at lists.jboss.org
Thu Oct 24 17:30:01 EDT 2013
[ https://issues.jboss.org/browse/JGRP-1721?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12824819#comment-12824819 ]
David Jorm commented on JGRP-1721:
----------------------------------
Usage of vault is a mandatory security feature where applicable, i.e. in XML config files for a component that will run on WildFly/EAP. When passwords are set programmatically by the user, or via another mechanism, then it is not applicable.
> AUTH and ENCRYPT protocols configured with plain text passwords
> ---------------------------------------------------------------
>
> Key: JGRP-1721
> URL: https://issues.jboss.org/browse/JGRP-1721
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 3.4
> Reporter: Martin Gencur
> Assignee: Bela Ban
> Fix For: 3.5
>
>
> The following parameters of AUTH protocol are stored as plain text:
> * keystore_password
> The following parameters of ENCRYPT protocol are stored as plain text:
> * store_password
> * key_password
> Example:
> {code}
> <ENCRYPT key_store_name="defaultStore.keystore" store_password="changeit" alias="myKey"/>
> {code}
> Requirements for storing passwords: https://docspace.corp.redhat.com/docs/DOC-131628
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list