[
https://issues.apache.org/jira/browse/SYNCOPE-269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13551197#comment-13551197
]
Francesco Chicchiriccò commented on SYNCOPE-269:
------------------------------------------------
Denis,
this issue is "only" to make the secret key used for AES ciphering stored in a
property file (security.properties) instead of having it as constant in source
code + letting users write down their own key during project generation (e.g.
mvn archetype:generate ...).
If you're asking instead for how to change admin password (stored in
security.properties as well), let's discuss this in ML please.
> AES encryption key defined in source code
> -----------------------------------------
>
> Key: SYNCOPE-269
> URL: https://issues.apache.org/jira/browse/SYNCOPE-269
> Project: Syncope
> Issue Type: Bug
> Components: core
> Affects Versions: 1.0.4, 1.1.0
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Critical
> Labels: security
> Fix For: 1.0.5, 1.1.0
>
>
> Currently, the encryption key is barely and statically defined in source code
> [1] for 1_0_X, [2] for trunk.
> This key must be moved to an external properties file (security.properties,
> for example).
> Nice to have: random generation of this key during 'mvn archetype:generate'.
> For 1_0_X: provide default to current key value [1] when not provided in
> security.properties.
> [1]
> http://svn.apache.org/repos/asf/syncope/branches/1_0_X/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
> [2]
> http://svn.apache.org/repos/asf/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordEncoder.java
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
