geronimo-user mailing list archives

From "Aaron Mulder" <ammul...@alumni.princeton.edu>
Subject Re: Plaintext passwords in Geronimo plans and config files
Date Thu, 22 Feb 2007 17:35:11 GMT
There is some built-in encryption available.  My recollection was that
the server tried to apply it to settings with "password" in the name,
but it may have changed in 1.2-beta.

Thanks,
       Aaron

On 2/22/07, Aman Nanner/MxI Technologies <aman.nanner@mxi.com> wrote:
>
> Hi,
>
> I have noticed that passwords in plans and configuration files in Geronimo
> (1.2-beta) are not encrypted by the server, and remain in plaintext.  For
> example, passwords in:
>
> 1) Datasource connector plans
> 2) ActiveMQ connector plans
> 3) TomcatWebSSL Keystore passwords
> 4) Geronimo properties realm passwords
>
> Having these plaintext passwords in these configuration files poses an
> inherent security risk that would prevent us from deploying Geronimo out to
> customer sites.  Are there any plans to have all these passwords encrypted?
>
> Thanks,
> Aman
