[security-dev] Undertow / IdentityManager and Digest Authentication
Bill Burke
bburke at redhat.com
Wed May 1 18:54:04 EDT 2013
On 5/1/2013 6:39 PM, Stuart Douglas wrote:
>
> Even though not handing out the credentials directly may feel more
> secure, I don't think it actually is, unless you have a scenario that is
> not covered above?
>
I'll give you another one: What does IdentityManager.updateCredential()
do? Does it allow you to update a password? If so, you're saying that
it's ok to change a password, but not read it from the store?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com