[jboss-jira] [JBoss JIRA] (ELY-183) Change password protocols

Darran Lofthouse (JIRA) issues at jboss.org
Wed May 6 06:15:48 EDT 2015


Darran Lofthouse created ELY-183:
------------------------------------

             Summary: Change password protocols
                 Key: ELY-183
                 URL: https://issues.jboss.org/browse/ELY-183
             Project: WildFly Elytron
          Issue Type: Enhancement
          Components: API / SPI
            Reporter: Darran Lofthouse
             Fix For: 1.0.0.Final


Potentially this is a bit of a research task. As I have mentioned in a couple of places, I don't like relying on SSL exclusively for confidentiality - my reasons being it is perfect until there is a compromise and then it is as useful as a chocolate teapot ;-)

A lot of the emphasis in the Elytron development so far has been on implementation of the more secure SASL mechanisms to eliminate weak password exchanges between a client and the server - however, we still have the need for passwords to be set remotely; this task is to explore some of those options.

Are there any existing protocols to remotely set a password securely?
Is there anything specific to our current password types we can take advantage of?
Are there features of any of our SASL mechanisms to apply a second layer of confidentiality?
Any other options?




