[
https://issues.apache.org/jira/browse/AXIS2-4725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12870683#action_12870683
]
indika priyantha kumara commented on AXIS2-4725:
------------------------------------------------
My solution is based on the code in the Apache synapse [1]. It is a
self-contained module. I hope, it is better to add a syn external to it if
this patch would be applied.
There is a basic description about my solution in both synapse documentation
and WSO2 ESB documentation [2]. I have improved that solution further.
The attached patch is to provide a global password provider that is responsible
for securing the passwords in the axis2 configuration.
<passwordManager>
<protectedTokens> coma separated list of tokens </protectedTokens>
<passwordProvider> class of password provider </passwordProvider>
</passwordManager>
I will create separate JIRAs and attach patches for securing the passwords in
transport configurations, axis2 web app, etc ...
[1] https://svn.apache.org/repos/asf/synapse/trunk/java/modules/securevault
[2] http://wso2.org/project/esb/java/3.0.0/docs/index.html
> Securing passwords in axis2.xml
> --------------------------------
>
> Key: AXIS2-4725
> URL: https://issues.apache.org/jira/browse/AXIS2-4725
> Project: Axis2
> Issue Type: Improvement
> Affects Versions: nightly
> Reporter: indika priyantha kumara
> Attachments: secure-vault-add.patch
>
>
> Currently , the password in the axis2 configuration are plain text . This can
> be a security hole.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
