[security-dev] Undertow / IdentityManager and Digest Authentication

Bill Burke bburke at redhat.com
Wed May 1 18:54:04 EDT 2013

On 5/1/2013 6:39 PM, Stuart Douglas wrote:
> Even though not handing out the credentials directly may feel more
> secure, I don't think it actually is, unless you have a scenario that is
> not covered above?

I'll give you another one: What does IdentityManager.updateCredential() 
do?  Does it allow you to update a password?  If so, you're saying that 
its ok to change a password, but not read it from the store?

Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list