[
https://issues.apache.org/jira/browse/SYNCOPE-646?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14328757#comment-14328757
]
ASF subversion and git services commented on SYNCOPE-646:
---------------------------------------------------------
Commit 1012e616598d3ff8e42460d4a2eb8f0eeca6504e in syncope's branch
refs/heads/1_2_X from [~fmartelli]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=1012e61 ]
[SYNCOPE-646] fix on branch 1_2_X
> Do not propagate password if not explicitely requested
> ------------------------------------------------------
>
> Key: SYNCOPE-646
> URL: https://issues.apache.org/jira/browse/SYNCOPE-646
> Project: Syncope
> Issue Type: Improvement
> Components: core
> Affects Versions: 1.2.2
> Reporter: fabio martelli
> Assignee: fabio martelli
> Fix For: 1.2.3, 2.0.0
>
>
> Currently, during propagation (CREATE or UPDATE) password will pe propagated
> (if and only if it is available) also in case it is not explicitely
> requested. This behavior has to be changed because it can cause unwanted
> password replaces in case of update operation.
> 1. change password encryption to AES.
> 2. change users password.
> 3. assigne resource: password is propagated as expected.
> 4. change some other attribute and saved: again the password is propagated.
> This is a potential problem: if user later change the password in the
> resource, syncope should not overwrite passowrd after that.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
