Passwords stored in plain text
------------------------------
Key: GEOS-4702
URL: https://jira.codehaus.org/browse/GEOS-4702
Project: GeoServer
Issue Type: Improvement
Components: Configuration
Affects Versions: 2.1.1
Reporter: Ian Schneider
Assignee: Justin Deoliveira
Attachments: encrypt-passwords.patch
User passwords and StoreInfo passwords are currently stored in plain text.
The attached patch addresses this issue by adopting digest passwords for spring
security (for users) and using bi-directional encryption for store passwords.
Support is provided for:
+ automatic upgrades
+ default PBE key
+ custom PBE key via standard configuration mechanisms (environment, system
property, servlet param)
Some of the patch may be superfluous (after late changes) - support for
security related test cases - though these were not terribly disruptive.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos & much more. Register early & save!
http://p.sf.net/sfu/rim-blackberry-1
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
