geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <>
Subject [jira] Closed: (GERONIMO-3111) pluggable Password Encryption mechanism for Apache Geronimo.
Date Fri, 26 Oct 2007 15:49:50 GMT


David Jencks closed GERONIMO-3111.

       Resolution: Fixed
    Fix Version/s: 2.0.2
         Assignee: David Jencks

Fixed in GERONIMO-2925.

> pluggable Password Encryption mechanism for Apache Geronimo.
> ------------------------------------------------------------
>                 Key: GERONIMO-3111
>                 URL:
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5
>         Environment: All platforms & JDKs
>            Reporter: Phani Balaji Madgula
>            Assignee: David Jencks
>             Fix For: 2.1, 2.0.2
> Hi,
> I am involved in developing a J2EE application which is targeted to be deployed on Apache
Geronimo 1.1.1. 
> We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/
This makes 
> admin console accessible to all those who have access to <AG_home>/var/security/
> What would want instead is, a password encryption using a pluggable encryption key. This
enables customers to configure their own encryption keys that can be used for all security
realms(configurable option). 
> This contributes to the server's readiness for enterprise applications out-of-box.
> We are currently planning to use custom login modules for all security needs. 
> But, having the above feature in the server will eliminate the need for the same.
> Thanks 
> Phani
> Your comments on this issue are welcome.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message