[jira] [Updated] (SYNCOPE-646) Do not propagate password if not explicitely requested

Fri, 20 Feb 2015 00:47:50 -0800 

     [ 
https://issues.apache.org/jira/browse/SYNCOPE-646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

fabio martelli updated SYNCOPE-646:
-----------------------------------
    Description: 
Currently, during propagation (CREATE or UPDATE) password will pe propagated 
(if and only if it is available) also in case it is not explicitely requested. 
This behavior has to be changed because it can cause unwanted password replaces 
in case of update operation.

1. change password encryption to AES.
2. change users password.
3. assigne resource: password is propagated as expected.
4. change some other attribute and saved: again the password is propagated. 
This is a potential problem: if user later change the password in the resource, 
syncope should not overwrite passowrd after that.


  was:Currently, during propagation (CREATE or UPDATE) password will pe 
propagated (if and only if it is available) also in case it is not explicitely 
requested. This behavior has to be changed because it can cause unwanted 
password replaces in case of update operation.


> Do not propagate password if not explicitely requested
> ------------------------------------------------------
>
>                 Key: SYNCOPE-646
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-646
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.2.2
>            Reporter: fabio martelli
>            Assignee: fabio martelli
>             Fix For: 1.2.3, 2.0.0
>
>
> Currently, during propagation (CREATE or UPDATE) password will pe propagated 
> (if and only if it is available) also in case it is not explicitely 
> requested. This behavior has to be changed because it can cause unwanted 
> password replaces in case of update operation.
> 1. change password encryption to AES.
> 2. change users password.
> 3. assigne resource: password is propagated as expected.
> 4. change some other attribute and saved: again the password is propagated. 
> This is a potential problem: if user later change the password in the 
> resource, syncope should not overwrite passowrd after that.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to