geronimo-dev mailing list archives

From Jeff Genender <jgenen...@savoirtech.com>
Subject Re: [jira] Updated: (GERONIMO-411) Add Hash Password Rewrite to File Realm
Date Sat, 27 Aug 2005 18:47:47 GMT
Is this something we should do in the plans as well (i.e. SSL certs, etc)?

Aaron Mulder (JIRA) wrote:
>      [ http://issues.apache.org/jira/browse/GERONIMO-411?page=all ]
> 
> Aaron Mulder updated GERONIMO-411:
> ----------------------------------
> 
>     Fix Version: 1.0
>     Description: 
> It would be nice if the properties file realm could rewrite your properties file with
> hashed passwords when it reads it.  We would need to be able to recognize hashed vs. unhashed
> entries and perhaps even different algorithms.  Perhaps it could go like this:
> 
> user1=plaintext
> user2=MD5{...}
> user3=SHA1{...}
> 
> Anyway, the idea is that this could be a reasonably secure alternative, but you still
> wouldn't need to manually hash things to add or update entries -- just put a plain text entry
> in and the next time the server reads the file it would hash it for you.
> 
> I guess we'd need to synchronize on the hash operation to avoid threading problems if
> multiple apps or whatever use the same properties file, but it shouldn't be bad if we only
> rewrite the file if we find any plain text entries.
> 
>   was:
> It would be nice if the properties file realm could rewrite your properties file with
> hashed passwords when it reads it.  We would need to be able to recognize hashed vs. unhashed
> entries and perhaps even different algorithms.  Perhaps it could go like this:
> 
> user1=plaintext
> user2=MD5{...}
> user3=SHA1{...}
> 
> Anyway, the idea is that this could be a reasonably secure alternative, but you still
> wouldn't need to manually hash things to add or update entries -- just put a plain text entry
> in and the next time the server reads the file it would hash it for you.
> 
> I guess we'd need to synchronize on the hash operation to avoid threading problems if
> multiple apps or whatever use the same properties file, but it shouldn't be bad if we only
> rewrite the file if we find any plain text entries.
> 
>     Environment: 
> 
> 
>>Add Hash Password Rewrite to File Realm
>>---------------------------------------
>>
>>         Key: GERONIMO-411
>>         URL: http://issues.apache.org/jira/browse/GERONIMO-411
>>     Project: Geronimo
>>        Type: Improvement
>>  Components: security
>>    Versions: 1.0-M2
>>    Reporter: Aaron Mulder
>>    Priority: Minor
>>     Fix For: 1.0
> 
> 
>>It would be nice if the properties file realm could rewrite your properties file with
>>hashed passwords when it reads it.  We would need to be able to recognize hashed vs. unhashed
>>entries and perhaps even different algorithms.  Perhaps it could go like this:
>>user1=plaintext
>>user2=MD5{...}
>>user3=SHA1{...}
>>Anyway, the idea is that this could be a reasonably secure alternative, but you still
>>wouldn't need to manually hash things to add or update entries -- just put a plain text entry
>>in and the next time the server reads the file it would hash it for you.
>>I guess we'd need to synchronize on the hash operation to avoid threading problems
>>if multiple apps or whatever use the same properties file, but it shouldn't be bad if we only
>>rewrite the file if we find any plain text entries.
> 
> 
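
The rewrite proposed in the quoted issue, as an added Java example that is not part of the original message or Geronimo's code: it recognises `ALG{...}` entries, hashes only the plain-text ones under a lock, and reports whether the file needs rewriting. The class and method names, the hex encoding inside the braces, the extra `SHA-256` label and the choice of SHA1 for new entries are assumptions; the thread's MD5 and SHA1 labels are unsalted digests, which is weaker than a salted, iterated password hash.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class HashRewriteSketch {
    // Values already in ALG{hex} form are treated as hashed and left alone.
    // Caveat: a plain-text password that happens to match this pattern is never hashed.
    private static final Pattern HASHED =
            Pattern.compile("^(MD5|SHA1|SHA-256)\\{[0-9a-f]+\\}$");
    // One lock for all users of the same file (hypothetical; stands in for the
    // synchronisation the issue asks for).
    private static final Object LOCK = new Object();

    static boolean isHashed(String value) {
        return HASHED.matcher(value).matches();
    }

    // label is what gets written to the file; jcaName is the MessageDigest algorithm name.
    static String hash(String label, String jcaName, String password) throws Exception {
        byte[] digest = MessageDigest.getInstance(jcaName)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(label).append('{');
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.append('}').toString();
    }

    // Returns true only if a plain-text entry was found, i.e. the file must be rewritten.
    static boolean rewrite(Map<String, String> users) throws Exception {
        synchronized (LOCK) {
            boolean changed = false;
            for (Map.Entry<String, String> e : users.entrySet()) {
                if (!isHashed(e.getValue())) {
                    e.setValue(hash("SHA1", "SHA-1", e.getValue()));
                    changed = true;
                }
            }
            return changed;
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> users = new LinkedHashMap<>(); // constructed sample entries
        users.put("user1", "plaintext");
        users.put("user2", hash("MD5", "MD5", "example"));
        System.out.println("rewrite needed: " + rewrite(users));
        users.forEach((u, v) -> System.out.println(u + "=" + v));
        System.out.println("second pass rewrite needed: " + rewrite(users));
    }
}
```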
