Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 83303 invoked from network); 2 Jun 2006 15:34:32 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 2 Jun 2006 15:34:32 -0000 Received: (qmail 15125 invoked by uid 500); 2 Jun 2006 15:34:27 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 15043 invoked by uid 500); 2 Jun 2006 15:34:27 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 14999 invoked by uid 99); 2 Jun 2006 15:34:27 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Jun 2006 08:34:27 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [209.237.227.198] (HELO brutus.apache.org) (209.237.227.198) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Jun 2006 08:34:26 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id E24077141E9 for ; Fri, 2 Jun 2006 15:33:31 +0000 (GMT) Message-ID: <25490166.1149262411924.JavaMail.jira@brutus> Date: Fri, 2 Jun 2006 15:33:31 +0000 (GMT+00:00) From: "Matt Hogstrom (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Updated: (GERONIMO-411) Add Hash Password Rewrite to File Realm In-Reply-To: <664674234.1099326812017.JavaMail.apache@nagoya> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/GERONIMO-411?page=all ] Matt Hogstrom updated GERONIMO-411: ----------------------------------- Fix Version: 1.2 (was: 1.1) > Add Hash Password Rewrite to File Realm > --------------------------------------- > > Key: GERONIMO-411 > URL: http://issues.apache.org/jira/browse/GERONIMO-411 > Project: Geronimo > Type: Improvement > Components: security > Versions: 1.0-M2 > Reporter: Aaron Mulder > Assignee: Aaron Mulder > Priority: Minor > Fix For: 1.2 > > It would be nice if the properties file realm could rewrite your properties file with hashed passwords when it reads it. We would need to be able to recognize hashed vs. unhashed entries and perhaps even different algorithms. Perhaps it could go like this: > user1=plaintext > user2=MD5{...} > user3=SHA1{...} > Anyway, the idea is that this could be a reasonably secure alternative, but you still wouldn't need to manually hash things to add or update entries -- just put a plain text entry in and the next time the server reads the file it would hash it for you. > I guess we'd need to synchronize on the hash operation to avoid threading problems if multiple apps or whatever use the same properties file, but it shouldn't be bad if we only rewrite the file if we find any plain text entries. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira