[
https://issues.apache.org/jira/browse/GERONIMO-3111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537990
]
Vamsavardhana Reddy commented on GERONIMO-3111:
-----------------------------------------------
Isn't this a duplicate of GERONIMO-2925?
> pluggable Password Encryption mechanism for Apache Geronimo.
> ------------------------------------------------------------
>
> Key: GERONIMO-3111
> URL: https://issues.apache.org/jira/browse/GERONIMO-3111
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M1, 2.0-M2, 2.0-M3,
> 2.0-M4, 2.0-M5
> Environment: All platforms & JDKs
> Reporter: Phani Balaji Madgula
>
> Hi,
> I am involved in developing a J2EE application which is targeted to be
> deployed on Apache Geronimo 1.1.1.
> We have some concerns pertaining to the clear text passwords in
> <AG_HOME>/var/security/users.properties. This makes
> admin console accessible to all those who have access to
> <AG_home>/var/security/users.properties file.
> What would want instead is, a password encryption using a pluggable
> encryption key. This enables customers to configure their own encryption keys
> that can be used for all security realms(configurable option).
> This contributes to the server's readiness for enterprise applications
> out-of-box.
> We are currently planning to use custom login modules for all security needs.
> But, having the above feature in the server will eliminate the need for the
> same.
> Thanks
> Phani
> Your comments on this issue are welcome.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
