felix-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carsten Ziegeler <cziege...@apache.org>
Subject Re: Plaintext password in configuration files for Jetty and Webconsole
Date Sat, 23 Apr 2016 15:18:12 GMT
Antonio Sanso wrote
> hi,
> 
> I would actually have the same question?
> 
> Is there anything can be done here ? If not there is any plan to improve this?
> I might try to help out in this area providing a patch…
> 
> Anyone :)?
> 

Didn't we discuss some time back to have a crypt service and leave it up
to every component to use this service to decrypt configuration properties?

Automatic decryption e.g. in configuration admin is not really a good
idea, as this would mean everyone can get the configuration decrypted
and it's visible in the web console, in the status zip etc.

Regards
Carsten
-- 
Carsten Ziegeler
Adobe Research Switzerland
cziegeler@apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org


Mime
View raw message