If I try to get some information about a data store using REST, the
response contains encrypted data store passwords.

Some snippets, executing

curl -v -u admin:geoserver -XGET \
  http://localhost:8080/geoserver/rest/workspaces/acme/datastores/nync.xml

results in
...
  <entry key="passwd">crypt1:pw5lO+WAt6nThMc1cywD3Q==</entry>
  <entry key="dbtype">postgis</entry>
...

Even worse, when doing the same REST call again, the encrypted password is
different. (This is because we use a salt and the plain text password is
encrypted for each REST call.)

IMHO, I would expect the plain text password; the cipher text is quite
useless.

Opinions?

Cheers
Christian
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
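
A client that polls this endpoint to detect configuration changes will see the passwd entry differ on every call, because of the salt described above. The sketch below is an added example, not part of the original message and not GeoServer code: it compares two responses while treating crypt1: values as opaque, and reports secret-bearing keys that come back without the prefix. The wrapper elements, the second ciphertext, the secret_keys list and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample responses for two GETs of the same data store. Only the
# two <entry> elements and the first ciphertext come from the message; the
# wrapper elements and the second ciphertext are made up for illustration.
RESPONSE_A = """<dataStore>
  <name>nync</name>
  <connectionParameters>
    <entry key="passwd">crypt1:pw5lO+WAt6nThMc1cywD3Q==</entry>
    <entry key="dbtype">postgis</entry>
  </connectionParameters>
</dataStore>"""
RESPONSE_B = RESPONSE_A.replace("pw5lO+WAt6nThMc1cywD3Q==",
                                "AAAAAAAAAAAAAAAAAAAAAA==")

ENCRYPTED_PREFIX = "crypt1:"   # prefix as it appears in the message
OPAQUE = "<encrypted>"         # stand-in used when comparing


def connection_params(xml_text):
    """Return {key: value} for every <entry key="..."> in a response."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): (e.text or "").strip() for e in root.iter("entry")}


def normalise(params):
    """Replace salted ciphertext with a fixed marker so it compares equal."""
    return {k: OPAQUE if v.startswith(ENCRYPTED_PREFIX) else v
            for k, v in params.items()}


def drift(before_xml, after_xml):
    """Keys whose value really changed, ignoring re-salted ciphertext."""
    a = normalise(connection_params(before_xml))
    b = normalise(connection_params(after_xml))
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


def plaintext_secrets(xml_text, secret_keys=("passwd",)):
    """Secret-bearing keys returned without the encrypted prefix."""
    p = connection_params(xml_text)
    return sorted(k for k in secret_keys
                  if p.get(k) and not p[k].startswith(ENCRYPTED_PREFIX))


if __name__ == "__main__":
    print("raw passwd equal:", connection_params(RESPONSE_A)["passwd"]
          == connection_params(RESPONSE_B)["passwd"])
    print("real drift:", drift(RESPONSE_A, RESPONSE_B))
    print("plaintext secrets:", plaintext_secrets(RESPONSE_A))
```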
