[ https://issues.apache.org/jira/browse/GERONIMO-411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537999 ]

David Jencks commented on GERONIMO-411:
---------------------------------------

With GERONIMO-2925 the passwords are all encrypted with a pluggable encryption 
method.  I'm not sure that further work on this toy security realm is 
warranted.  Won't anyone with actual users be using LDAP or a database for the 
backing store?

> Add Hash Password Rewrite to File Realm
> ---------------------------------------
>
>                 Key: GERONIMO-411
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-411
>             Project: Geronimo
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0-M2, 1.2
>            Reporter: Aaron Mulder
>            Assignee: Donald Woods
>            Priority: Minor
>             Fix For: 2.0.x, 2.1
>
>         Attachments: properties-realm.patch
>
>
> It would be nice if the properties file realm could rewrite your properties 
> file with hashed passwords when it reads it.  We would need to be able to 
> recognize hashed vs. unhashed entries and perhaps even different algorithms.  
> Perhaps it could go like this:
> user1=plaintext
> user2=MD5{...}
> user3=SHA1{...}
> Anyway, the idea is that this could be a reasonably secure alternative, but 
> you still wouldn't need to manually hash things to add or update entries -- 
> just put a plain text entry in and the next time the server reads the file it 
> would hash it for you.
> I guess we'd need to synchronize on the hash operation to avoid threading 
> problems if multiple apps or whatever use the same properties file, but it 
> shouldn't be bad if we only rewrite the file if we find any plain text 
> entries.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
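
The rewrite-on-read behaviour proposed in the issue description, as an added example (not Geronimo code and not the attached properties-realm.patch). The class name `HashingRewriter`, the `PBKDF2{iterations:salt:hash}` entry form and the iteration count are assumptions; salted PBKDF2 is swapped in here for the unsalted MD5/SHA1 of the issue's sketch, while existing `MD5{...}` and `SHA1{...}` entries are still recognized and left alone.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;
import java.util.regex.Pattern;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper: hashes the plain-text entries of a users properties file in place.
public final class HashingRewriter {
    // Values already in ALG{...} form count as hashed. A plain-text password that
    // happens to match this pattern would be skipped; that ambiguity is inherent in the format.
    private static final Pattern HASHED = Pattern.compile("^[A-Za-z0-9-]+\\{.*\\}$");
    private static final int ITERATIONS = 210_000;   // assumed work factor
    private static final Object LOCK = new Object(); // serializes rewrites within this JVM only

    static String hash(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] dk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Base64.Encoder b64 = Base64.getEncoder();
        return "PBKDF2{" + ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(dk) + "}";
    }

    // Returns true only if a plain-text entry was found and the file was rewritten.
    static boolean rewrite(Path file) throws Exception {
        synchronized (LOCK) {
            List<String> out = new ArrayList<>();
            boolean changed = false;
            for (String line : Files.readAllLines(file, StandardCharsets.UTF_8)) {
                int eq = line.indexOf('=');
                if (line.isBlank() || line.startsWith("#") || eq < 1) { out.add(line); continue; }
                String user = line.substring(0, eq), value = line.substring(eq + 1).trim();
                if (!HASHED.matcher(value).matches()) { value = hash(value.toCharArray()); changed = true; }
                out.add(user + "=" + value);
            }
            if (!changed) return false;
            // Write a sibling temp file, then move it over the original so readers never see a partial file.
            Path tmp = Files.createTempFile(file.toAbsolutePath().getParent(), "users", ".tmp");
            Files.write(tmp, out, StandardCharsets.UTF_8);
            Files.move(tmp, file, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("users", ".properties"); // constructed sample input
        Files.write(f, List.of("user1=plaintext", "user2=MD5{...}"));
        System.out.println(rewrite(f) + " " + Files.readAllLines(f) + " " + rewrite(f));
    }
}
```

The in-process lock does not cover a second JVM or an administrator editing the same file; that case would need a file lock in addition.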
