manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karl Wright (JIRA)" <>
Subject [jira] [Assigned] (CONNECTORS-1327) Put obfuscation password in an external file
Date Fri, 12 Aug 2016 11:44:20 GMT


Karl Wright reassigned CONNECTORS-1327:

    Assignee: Karl Wright

> Put obfuscation password in an external file
> --------------------------------------------
>                 Key: CONNECTORS-1327
>                 URL:
>             Project: ManifoldCF
>          Issue Type: Improvement
>          Components: Framework core
>    Affects Versions: ManifoldCF 2.4
>            Reporter: Aurélien
>            Assignee: Karl Wright
>            Priority: Minor
>              Labels: security
>             Fix For: ManifoldCF 2.6
> It seems that the obfuscation tool uses a symmetric encoding with password and salt to
obfuscate/deobfuscate passwords. I can see that there is a way to change the salt with a property,
but it seems that the password is hardcoded in the source code.In order to try to improve
security in MCF, I would like to be able to store the password (that is currently hardcoded)
used for obfuscation in a specific configuration file. The aim of this approach is to be able
to change it but also to be able to add specific linux access right on it. 

This message was sent by Atlassian JIRA

View raw message