On Mon, Jan 21, 2013 at 8:55 AM, Christian Mueller <[email protected]> wrote:

> My ideas so far:
>
> 1) lost password for the admin user
> You need access to the physical storage of the user/group service (xml
> file, sql table,...). Change the password value of the admin user to
> "plain:geoserver". (geoserver is the password). Log in as the admin user,
> change your password from geoserver to another value and press save. The
> new password is stored encoded replacing "plain:geoserver".
>
> 2) lost master password
> The master password is not a digest since it is needed for
> encryption/decryption of the key store. You have to log in as an admin user.
> On the GUI you have to specify a file name and click on a button to store
> the plain master password in this file.
> The file name acts as a shared key between geoserver and the admin. (This
> is important, a fixed file location is vulnerable to an attack). The admin
> needs access to the file system, reads the master password and deletes the
> file.
>
> The method writing the file checks the calling method with
>
> StackTraceElement[] stackTraceElements = Thread.currentThread().getStackTrace();
>
> This is necessary to protect against "trojan horse" geoserver extensions.
>
> Opinions ?
>
Both suggestions seem good to me

Cheers
Andrea


-- 
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
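The caller check Christian describes for the master-password dump, worked through as an added example that is neither his code nor GeoServer's. The class names (`MasterPasswordDump`, `AdminPasswordPage`, `TrojanExtension`), the method `writeMasterPassword` and the sample password are invented for the illustration; the only thing taken from the proposal is the idea of inspecting `Thread.currentThread().getStackTrace()` before writing the plain master password to an admin-chosen file. It assumes a POSIX filesystem so that the file can be created owner-readable only.

```java
import java.io.IOException;
import java.nio.CharBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

/** Hypothetical guarded dump of the master password (example code, not GeoServer's). */
public final class MasterPasswordDump {

    /** Hypothetical: the only class allowed to trigger the dump, i.e. the admin GUI page. */
    private static final String ALLOWED_CALLER =
            MasterPasswordDump.class.getName() + "$AdminPasswordPage";

    private MasterPasswordDump() {}

    /**
     * Class name of whoever invoked the guarded method. Frame layout on HotSpot:
     * [0] Thread.getStackTrace, [1] this helper, [2] the guarded method, [3] its caller.
     */
    static String callerOfGuardedMethod() {
        StackTraceElement[] frames = Thread.currentThread().getStackTrace();
        return frames.length > 3 ? frames[3].getClassName() : "<unknown>";
    }

    /**
     * Writes the plain master password to an admin-chosen path, readable by the
     * owner only, refusing if the caller is not the admin page or the file exists.
     */
    public static Path writeMasterPassword(Path target, char[] masterPassword) throws IOException {
        String caller = callerOfGuardedMethod();
        if (!ALLOWED_CALLER.equals(caller)) {
            throw new SecurityException("master password dump refused for caller " + caller);
        }
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
        // CREATE_NEW fails atomically if something already sits at the path, so the
        // admin-chosen name cannot be used to overwrite an existing file.
        try (SeekableByteChannel ch = Files.newByteChannel(target,
                EnumSet.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE),
                PosixFilePermissions.asFileAttribute(ownerOnly))) {
            ch.write(StandardCharsets.UTF_8.encode(CharBuffer.wrap(masterPassword)));
        }
        return target;
    }

    /** Legitimate caller: the admin GUI handler (hypothetical). */
    static final class AdminPasswordPage {
        Path dumpTo(Path file, char[] pw) throws IOException {
            return writeMasterPassword(file, pw);
        }
    }

    /** Illustrative rogue extension attempting the same call; it is refused. */
    static final class TrojanExtension {
        Path attempt(Path file, char[] pw) throws IOException {
            return writeMasterPassword(file, pw);
        }
    }

    public static void main(String[] args) throws IOException {
        char[] pw = "example-master-password".toCharArray(); // constructed sample value
        Path dir = Files.createTempDirectory("mp-dump");
        // The file name is the shared secret between admin and server, so it is never logged here.
        Path ok = new AdminPasswordPage().dumpTo(dir.resolve("secret-7f3a"), pw);
        System.out.println("admin page wrote file with perms " + Files.getPosixFilePermissions(ok));
        try {
            new TrojanExtension().attempt(dir.resolve("other"), pw);
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        Files.delete(ok); // the admin reads the file and deletes it, as in the proposal
        Files.delete(dir);
    }
}
```

Compile with `javac MasterPasswordDump.java` and run with `java MasterPasswordDump`. Two points worth keeping in mind when reviewing a check of this shape: the stack frame identifies the caller only by class name, so it is a defence-in-depth measure against a careless or rogue extension loaded into the same JVM rather than a hard trust boundary, and the owner-only permission plus `CREATE_NEW` are what limit exposure of the plaintext once it reaches disk; both belong in the review alongside the stack-trace check itself.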