[ http://nagoya.apache.org/jira/browse/GERONIMO-411?page=comments#action_54896 ]

Alan Cabrera commented on GERONIMO-411:
---------------------------------------

I'm not fond of the idea of rewriting the files w/ hashed passwords. What do you think about the idea of having the passwords already hashed and that the login module would do a hash on the password that was entered and compare it against what was in the file? The hash that is used can be configurable.

> Add Hash Password Rewrite to File Realm
> ---------------------------------------
>
> Key: GERONIMO-411
> URL: http://nagoya.apache.org/jira/browse/GERONIMO-411
> Project: Apache Geronimo
> Type: Improvement
> Components: security
> Versions: 1.0-M2
> Reporter: Aaron Mulder
> Priority: Minor
>
> It would be nice if the properties file realm could rewrite your properties
> file with hashed passwords when it reads it. We would need to be able to
> recognize hashed vs. unhashed entries and perhaps even different algorithms.
> Perhaps it could go like this:
> user1=plaintext
> user2=MD5{...}
> user3=SHA1{...}
> Anyway, the idea is that this could be a reasonably secure alternative, but
> you still wouldn't need to manually hash things to add or update entries --
> just put a plain text entry in and the next time the server reads the file it
> would hash it for you.
> I guess we'd need to synchronize on the hash operation to avoid threading
> problems if multiple apps or whatever use the same properties file, but it
> shouldn't be bad if we only rewrite the file if we find any plain text
> entries.
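The scheme discussed in this thread (prefix-tagged entries, with the login module hashing the entered password and comparing it against the stored value), as an added Java example that is not Geronimo code. The class and method names are hypothetical, and the hex digest inside the braces and UTF-8 password bytes are assumptions, since the issue only shows `MD5{...}`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class HashedRealmCheck {
    // Entry syntax from the issue: TAG{...}. A hex digest inside the braces is an assumption.
    static final Pattern TAGGED = Pattern.compile("^(MD5|SHA1)\\{(.*)\\}$");

    // Map the prefix used in the file to the JCA algorithm name.
    static String jca(String tag) { return tag.equals("SHA1") ? "SHA-1" : tag; }

    // Build the stored form "TAG{hex}" for a password (UTF-8 bytes assumed).
    static String hashEntry(String tag, String password) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance(jca(tag)).digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : d) hex.append(String.format("%02x", b));
        return tag + "{" + hex + "}";
    }

    // Entries for which this returns false are the ones a rewrite pass would have to hash.
    static boolean isHashed(String stored) { return TAGGED.matcher(stored).matches(); }

    // Hash the entered password with the entry's own algorithm, then compare.
    // A tagged entry with a malformed digest never matches; it is not treated as plain text.
    static boolean verify(String stored, String entered) throws NoSuchAlgorithmException {
        Matcher m = TAGGED.matcher(stored);
        boolean tagged = m.matches();
        String candidate = tagged ? hashEntry(m.group(1), entered) : entered;
        String expected = tagged ? m.group(1) + "{" + m.group(2).toLowerCase() + "}" : stored;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     candidate.getBytes(StandardCharsets.UTF_8)); // constant-time
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample realm; digests are computed here, not taken from the page.
        Map<String, String> realm = new LinkedHashMap<>();
        realm.put("user1", "plaintext");
        realm.put("user2", hashEntry("MD5", "secret2"));
        realm.put("user3", hashEntry("SHA1", "secret3"));
        for (Map.Entry<String, String> e : realm.entrySet())
            System.out.println(e.getKey() + " hashed=" + isHashed(e.getValue()));
        System.out.println("user2 correct password: " + verify(realm.get("user2"), "secret2"));
        System.out.println("user3 wrong password:   " + verify(realm.get("user3"), "wrong"));
        System.out.println("malformed tagged entry: " + verify("SHA1{zz}", "SHA1{zz}"));
    }
}
```

The MD5 and SHA1 tags mirror the ones in the issue; both are unsalted, fast digests, so the configurable-hash point raised in the comment is where a salted, deliberately slow scheme would plug in.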
