[
https://issues.apache.org/jira/browse/GERONIMO-411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Donald Woods closed GERONIMO-411.
---------------------------------
Resolution: Fixed
Fix Version/s: (was: 2.0.x)
2.0.2
Resolved by GERONIMO-2925
> Add Hash Password Rewrite to File Realm
> ---------------------------------------
>
> Key: GERONIMO-411
> URL: https://issues.apache.org/jira/browse/GERONIMO-411
> Project: Geronimo
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0-M2, 1.2
> Reporter: Aaron Mulder
> Assignee: Donald Woods
> Priority: Minor
> Fix For: 2.1, 2.0.2
>
> Attachments: properties-realm.patch
>
>
> It would be nice if the properties file realm could rewrite your properties
> file with hashed passwords when it reads it. We would need to be able to
> recognize hashed vs. unhashed entries and perhaps even different algorithms.
> Perhaps it could go like this:
> user1=plaintext
> user2=MD5{...}
> user3=SHA1{...}
> Anyway, the idea is that this could be a reasonably secure alternative, but
> you still wouldn't need to manually hash things to add or update entries --
> just put a plain text entry in and the next time the server reads the file it
> would hash it for you.
> I guess we'd need to synchronize on the hash operation to avoid threading
> problems if multiple apps or whatever use the same properties file, but it
> shouldn't be bad if we only rewrite the file if we find any plain text
> entries.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
