[ https://issues.apache.org/jira/browse/SYNCOPE-269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13551232#comment-13551232 ]

Francesco Chicchiriccò commented on SYNCOPE-269:
------------------------------------------------

If you want to share the same secretKey (used *only* when you choose AES for 
user passwords) among different Syncope instances, just put the same value in 
each instance's security.properties.

If you want each Syncope instance to use its own secretKey, just put 
different values there.

Regards.
                
> AES encryption key defined in source code
> -----------------------------------------
>
>                 Key: SYNCOPE-269
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-269
>             Project: Syncope
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.0.4, 1.1.0
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>            Priority: Critical
>              Labels: security
>             Fix For: 1.0.5, 1.1.0
>
>
> Currently, the encryption key is barely and statically defined in source code 
> [1] for 1_0_X, [2] for trunk.
> This key must be moved to an external properties file (security.properties, 
> for example).
> Nice to have: random generation of this key during 'mvn archetype:generate'.
> For 1_0_X: provide default to current key value [1] when not provided in 
> security.properties.
> [1] 
> http://svn.apache.org/repos/asf/syncope/branches/1_0_X/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
> [2] 
> http://svn.apache.org/repos/asf/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordEncoder.java
>  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
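
The behaviour described in the comment above, as an added example that is not Syncope's code: a key read from properties text instead of a source-code constant, failing closed when it is absent, with two instances that share the value reading each other's ciphertext and a third that does not. The class name, the `secretKey` property name inside the file, the SHA-256 key derivation and the AES-GCM mode are assumptions made for this sketch; the sample values are constructed.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ExternalKeyDemo {
    // Build the AES key from the externally configured value; fail closed if it is absent.
    static SecretKeySpec loadKey(String propertiesText) throws Exception {
        Properties props = new Properties();
        props.load(new StringReader(propertiesText)); // real code would read security.properties
        String secret = props.getProperty("secretKey"); // assumed property name
        if (secret == null || secret.trim().isEmpty()) {
            throw new IllegalStateException("secretKey missing from security.properties");
        }
        // Assumption: AES-128 key = first 16 bytes of SHA-256(secretKey).
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(secret.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
    }
    // Output layout: 12-byte random IV followed by ciphertext and GCM tag.
    static byte[] encrypt(SecretKeySpec key, String password) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    static String decrypt(SecretKeySpec key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample file contents, not real Syncope keys.
        SecretKeySpec a = loadKey("secretKey=constructed-value-A\n");
        SecretKeySpec b = loadKey("secretKey=constructed-value-A\n");
        SecretKeySpec other = loadKey("secretKey=constructed-value-B\n");
        byte[] stored = encrypt(a, "s3cret");
        System.out.println("same key: " + decrypt(b, stored));
        try { decrypt(other, stored); }
        catch (javax.crypto.AEADBadTagException e) { System.out.println("different key: rejected"); }
    }
}
```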
