geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Closed: (GERONIMO-4309) Credentials in list of allowed plugin repositories should be encrypted
Date Thu, 18 Sep 2008 07:05:46 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Jencks closed GERONIMO-4309.
----------------------------------

    Resolution: Fixed

Fixed in rev 696579, using the EncryptionManager to obscure the pw.  This only obscures he
pawwsords against casual exampination, the key is not stored securely so this is definitley
susceptible to easy attacks.

> Credentials in list of allowed plugin repositories should be encrypted
> ----------------------------------------------------------------------
>
>                 Key: GERONIMO-4309
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4309
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Plugins
>    Affects Versions: 2.2
>            Reporter: David Jencks
>            Assignee: David Jencks
>             Fix For: 2.2
>
>
> In GERONIMO-4304 I introduced a plugin repository registry with user-password credentials
for the repos.  The password should be encrypted like the other passwords in our config files.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message