Something like https://github.com/javakeyring/java-keyring could probably help in getting this done efficiently.
> Am 22.03.2025 um 17:37 schrieb Fredrik Roubert (Jira) <j...@apache.org>: > > > [ > https://issues.apache.org/jira/browse/DIRSTUDIO-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17937614#comment-17937614 > ] > > Fredrik Roubert commented on DIRSTUDIO-1344: > -------------------------------------------- > > I think the expectation these days is that applications should be able to use > the operating system's password storage (Windows Credential Locker, macOS > Keychain, Freedesktop Secret Service, etc.) instead of storing passwords in > plaintext or using some application specific encrypted storage and master > password. > >> Add a way to protect the passwords stored in the connections configuration >> file >> ------------------------------------------------------------------------------- >> >> Key: DIRSTUDIO-1344 >> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1344 >> Project: Directory Studio >> Issue Type: Improvement >> Reporter: Emmanuel Lécharny >> Priority: Critical >> >> When you manage connections to LDAP server, you store the user's password in >> a configuration file in clear text. This is not really a good idea, >> typically if you want to share the file with co-workers or anyone, at least >> it's a risk of leaking passwords if you don't curate the file. >> It would be a good idea to implement a mechanism that encrypt the passwords, >> like you will have to enter a password to unlock the access to the passwords >> when you have launched Studio (and periodically after a period of >> inactivity). >> Another solution would be to store the passwords in a separate place (like >> an embedded instance of ApacheDS, started wen you start Studio, or any other >> mean), and request the user to validate the export of passwords into a >> configuration file when exporting the configuration. >> We are open to any other suggestion (using an external vaault, etc). > > > > -- > This message was sent by Atlassian Jira > (v8.20.10#820010) > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org > For additional commands, e-mail: dev-h...@directory.apache.org >
