On Mon, Apr 09, 2001 at 11:57:05AM -0700, Jeffrey Wescott wrote:
> Hey, all.
Hi. First, this is question for the jboss-user list. This list is for
discussion of the development of JBoss itself.
> We are in the beginning stages of a deployment at a customer site. We
> (obviously, or why would I post here) are deploying our application on
> top of jBoss 2.1 BETA. One of the IT requirements at this customer is
> that no passwords can be stored or transmitted in the clear. As such,
> we need to MD5 (or otherwise encrypt) all of the passwords in
> jboss.jcml. There are three that I know of:
>
> 1. XADataSourceLoader
> 2. ConnectionFactoryLoader
> 3. MailService
>
> My question is the following: How and where in the code can I enable
> support for MD5 (or otherwise encrypted) passwords?
Gah! I just had this argument at work. The services you are sending the
passwords to require the clear text, so you must be able to decrypt the
passwords before sending them. So, where do you store the decryption key?
If you can suggest a mechanism for this, it might get implemented. Otherwise
it just makes no sense.
Toby.
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development
