geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Phani Balaji Madgula (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-3111) pluggable Password Encryption mechanism for Apache Geronimo.
Date Mon, 23 Apr 2007 18:09:15 GMT
pluggable Password Encryption mechanism for Apache Geronimo.
------------------------------------------------------------

                 Key: GERONIMO-3111
                 URL: https://issues.apache.org/jira/browse/GERONIMO-3111
             Project: Geronimo
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.0-M3, 2.0-M2, 2.0-M1, 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M4, 2.0-M5
         Environment: All platforms & JDKs
            Reporter: Phani Balaji Madgula


Hi,
I am involved in developing a J2EE application which is targeted to be deployed on Apache
Geronimo 1.1.1. 
We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties.
This makes 
admin console accessible to all those who have access to <AG_home>/var/security/users.properties
file.

What would want instead is, a password encryption using a pluggable encryption key. This enables
customers to configure their own encryption keys that can be used for all security realms(configurable
option). 
This contributes to the server's readiness for enterprise applications out-of-box.

We are currently planning to use custom login modules for all security needs. 
But, having the above feature in the server will eliminate the need for the same.

Thanks 
Phani

Your comments on this issue are welcome.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message