Pluggable Password Encryption mechanism for Apache Geronimo.
------------------------------------------------------------
Key: GERONIMO-3111
URL: https://issues.apache.org/jira/browse/GERONIMO-3111
Project: Geronimo
Issue Type: Improvement
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.0-M3, 2.0-M2, 2.0-M1, 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x,
2.0-M4, 2.0-M5
Environment: All platforms & JDKs
Reporter: Phani Balaji Madgula
Hi,

I am involved in developing a J2EE application which is targeted to be deployed
on Apache Geronimo 1.1.1.

We have some concerns pertaining to the clear text passwords in
<AG_HOME>/var/security/users.properties. This makes the
admin console accessible to all those who have access to the
<AG_HOME>/var/security/users.properties file.

What we would want instead is password encryption using a pluggable encryption
key. This enables customers to configure their own encryption keys that can be
used for all security realms (configurable option).
This contributes to the server's readiness for enterprise applications
out of the box.

We are currently planning to use custom login modules for all security needs.
But having the above feature in the server will eliminate the need for the
same.

Thanks,
Phani
Your comments on this issue are welcome.