I am going to reintroduce the old "to do" list. It is important that all
"project" ideas be listed somewhere on the site.
I am coming to the painful realization that we are maxing out the mailing
list format and jboss-user is a big success but also a place where
information like this one gets diluted. It must all go on the website.
I am wrapping up a machine with all big support for development (probably
will host CVS some day). It will be online soon; remind me to update the
"todo" list at that point, perhaps even make it "open".
marc
|-----Original Message-----
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED]]On Behalf Of Juha-P Lindfors
|Sent: Sunday, January 21, 2001 1:59 AM
|To: jBoss Developer
|Subject: Re: [jBoss-Dev] JavaMail support in JBoss !
|
|On Sat, 20 Jan 2001, Bordet, Simone wrote:
|> a) replace User and Password attributes values with the user name and
|> password used to connect to your mail server (Security guys: I did not find
|> a clean solution for the password being stored in clear here. Any hint ?)
|
|I think we need to write a KeyManager MBean for JBoss that we initialize
|when JBoss is first started with the needed private keys and that has the
|methods for encrypting and decrypting data, and storing new keys. Mail
|passwords require this, also JMS user/passwords will need it, probably
|some other places as well.
|
|For starters we can use java.security classes, you can find a rather basic
|keystore there, and use the keyfactories to generate the keys (see
|java.security.spec for different key specs for factory). For stronger
|encryption we should move to JCE though that has several nice features
|(more secure keystores, cipher input/output streams, wrap and unwrap for
|sync key exchange, etc.).
|
|-- Juha
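A sketch of the KeyManager idea proposed in the quoted message, as an added example that is not part of the original thread and is not JBoss code. The class name `KeyManagerSketch`, the alias, the PKCS12 keystore type and the choice of AES-GCM are all assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Hypothetical sketch of the proposed KeyManager: holds a key in a keystore
// and encrypts/decrypts configuration secrets such as the mail password.
public class KeyManagerSketch {
    private static final String ALIAS = "config-key"; // assumed alias
    private final KeyStore store;
    private final char[] storePass;

    // "Initialized when the server is first started": new keystore, one AES key.
    public KeyManagerSketch(char[] storePass) throws Exception {
        this.storePass = storePass.clone();
        store = KeyStore.getInstance("PKCS12");
        store.load(null, null); // empty in-memory keystore
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        store.setEntry(ALIAS, new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(this.storePass));
    }

    private SecretKey key() throws Exception { return (SecretKey) store.getKey(ALIAS, storePass); }

    // Returns base64(iv || ciphertext || tag), usable as a config attribute value.
    public String encrypt(String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Fails with AEADBadTagException if the stored value was modified.
    public String decrypt(String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key(), new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyManagerSketch km = new KeyManagerSketch("constructed-store-pass".toCharArray());
        String stored = km.encrypt("constructed-mail-password"); // constructed sample value
        System.out.println(stored + " round-trips: " + km.decrypt(stored).equals("constructed-mail-password"));
    }
}
```

The keystore password still has to be supplied at startup from somewhere outside the configuration file, so this moves the cleartext secret to a single protected place and does not remove the need for one.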