[
https://issues.apache.org/jira/browse/SYNCOPE-646?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
fabio martelli resolved SYNCOPE-646.
------------------------------------
Resolution: Fixed
> Do not propagate password if not explicitely requested
> ------------------------------------------------------
>
> Key: SYNCOPE-646
> URL: https://issues.apache.org/jira/browse/SYNCOPE-646
> Project: Syncope
> Issue Type: Improvement
> Components: core
> Affects Versions: 1.2.2
> Reporter: fabio martelli
> Assignee: fabio martelli
> Fix For: 1.2.3, 2.0.0
>
>
> Currently, during propagation (CREATE or UPDATE) password will pe propagated
> (if and only if it is available) also in case it is not explicitely
> requested. This behavior has to be changed because it can cause unwanted
> password replaces in case of update operation.
> 1. change password encryption to AES.
> 2. change users password.
> 3. assigne resource: password is propagated as expected.
> 4. change some other attribute and saved: again the password is propagated.
> This is a potential problem: if user later change the password in the
> resource, syncope should not overwrite passowrd after that.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
