Sorry - when I said Principal, I was referring to it as an authenticated entity, thus 
negating the need for a password in the Keystore.getKey() method.

However, I'm starting to think it's not such a good idea anyway, because all someone 
would have to do to get a key from the store would be to do a simple authentication 
module - produce the Principal and steal the key from the store.

I wonder what the standard solution to this problem is - I want JAAS auth because I 
thought it was the "blessed" solution from Sun et al, but I'm still stuck with other 
passwords for PBE or secret key access....  frustrating.

All the technical stuff I've read seems to avoid this issue. It's no good embedding 
passwords in Java classes as they can be extracted with decompilation.

Is it secure to pass at least singular passwords into JBoss as a system property?

???
Martin

