[ 
https://wso2.org/jira/browse/ESBJAVA-489?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ruwan Linton updated ESBJAVA-489:
---------------------------------

    Fix Version/s: 2.1
                       (was: FUTURE)

Changing the fix version to 2.1 because this has not been properly fixed in the 
2.0 release. 

Now we are storing this information in user-mgt.xml, and ideally it has to 
go into the database, but encryption of this information is still an 
issue because the key used to encrypt has to be there in plain text, and 
the security problem still persists.

> ESB Admin User's password in clear text
> ---------------------------------------
>
>                 Key: ESBJAVA-489
>                 URL: https://wso2.org/jira/browse/ESBJAVA-489
>             Project: WSO2 ESB
>          Issue Type: Improvement
>            Reporter: Jonathan Holmes
>            Assignee: Asankha Perera
>             Fix For: 2.1
>
>
> It appears that all ESB admin users' passwords are just sitting in plain text 
> within server.xml.  The password should be hashed for security reasons.
> <ESBUsers>
>     <User>
>       <Username>admin</Username>
>       <Password>admin</Password>
>       <Description>admin</Description>
>     </User>
>     <!-- add multiple users
>         <User>
>             <Username>esb</Username>
>             <Password>esb</Password>
>             <Description>esb</Description>
>         </User>
>         -->
>   </ESBUsers>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

_______________________________________________
Esb-java-dev mailing list
https://wso2.org/cgi-bin/mailman/listinfo/esb-java-dev
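
The hashing suggested in the issue description, as an added example that is not WSO2 code and not part of the original message: each `<Password>` value in the quoted `<ESBUsers>` block is replaced by a salted PBKDF2 verifier, so checking a login needs no decryption key stored beside the file. The `pbkdf2-sha256$...` storage format, the iteration count and all function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

SCHEME = "pbkdf2-sha256"   # assumed label for the stored format
ITERATIONS = 600_000       # assumed work factor; tune for your hardware

# Constructed sample mirroring the <ESBUsers> block quoted in the issue.
SAMPLE = """<ESBUsers>
  <User>
    <Username>admin</Username>
    <Password>admin</Password>
    <Description>admin</Description>
  </User>
</ESBUsers>"""

def hash_password(password, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt$hash' using a fresh random salt."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    enc = lambda b: base64.b64encode(b).decode()
    return f"{SCHEME}${iterations}${enc(salt)}${enc(dk)}"

def verify_password(password, stored):
    """Constant-time check; anything not in the hashed format is rejected."""
    try:
        scheme, iters, salt, expected = stored.split("$")
        salt, expected = base64.b64decode(salt), base64.b64decode(expected)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:
        return False
    return scheme == SCHEME and hmac.compare_digest(dk, expected)

def migrate(xml_text, iterations=ITERATIONS):
    """Replace every plaintext <Password> value with its salted hash."""
    root = ET.fromstring(xml_text)
    for pw in root.iter("Password"):
        if pw.text and not pw.text.startswith(SCHEME + "$"):
            pw.text = hash_password(pw.text, iterations)
    return ET.tostring(root, encoding="unicode")

def authenticate(xml_text, username, password):
    """Look up the user in the migrated config and verify the password."""
    for user in ET.fromstring(xml_text).iter("User"):
        if user.findtext("Username") == username:
            return verify_password(password, user.findtext("Password") or "")
    return False
```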