ws-sandesha-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "indika priyantha kumara (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AXIS2-4725) Securing passwords in axis2.xml
Date Mon, 24 May 2010 16:24:25 GMT

    [ https://issues.apache.org/jira/browse/AXIS2-4725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12870683#action_12870683
] 

indika priyantha kumara commented on AXIS2-4725:
------------------------------------------------

My solution is based on the code in the Apache synapse [1]. It is a self-contained module.
I hope, it is better to add a syn external to it  if this patch would be applied. 

There is a basic description about my solution in both synapse documentation and WSO2 ESB
documentation [2]. I have improved that solution further.

The attached patch is to provide a global password provider that is responsible for securing
the passwords in the axis2 configuration. 

<passwordManager>
<protectedTokens> coma separated list of tokens </protectedTokens>
<passwordProvider> class of password provider </passwordProvider>
</passwordManager>

I will create separate JIRAs and attach patches for securing the passwords in transport configurations,
axis2 web app, etc ...   

[1] https://svn.apache.org/repos/asf/synapse/trunk/java/modules/securevault 
[2] http://wso2.org/project/esb/java/3.0.0/docs/index.html



> Securing passwords in axis2.xml 
> --------------------------------
>
>                 Key: AXIS2-4725
>                 URL: https://issues.apache.org/jira/browse/AXIS2-4725
>             Project: Axis2
>          Issue Type: Improvement
>    Affects Versions: nightly
>            Reporter: indika priyantha kumara
>         Attachments: secure-vault-add.patch
>
>
> Currently , the password in the axis2 configuration are plain text . This can be a security
hole. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message