If you are concerned about security, simply don't let Slide handle the
password. Slide relies mainly on the container to authenticate users. The
Slide realm is a facility that shouldn't be used in a production
environment, for 2 main reasons:
- it needs the Slide libs to be put in the container and not in the webapp
- it stores the passwords in something not made to store passwords:
WebDAV collections

A better solution:
- have the user/group store mapped to an LDAP
- use the LDAP realm in the Tomcat configuration

This way,
 - passwords are not exposed in Slide
 - the realm is in sync with the content of /users and /roles in Slide


savita wrote:
> Try to store password in xmlns:S="http://jakarta.apache.org/slide/";
> namespace instead of DAV:
>   
> Changing the namespace did not work. Meanwhile, I have the following reply
> from Joe Feise of DAV Explorer.
> Hello Sativa,
> It obviously is a bug in Slide to transmit the password in the clear. I
> actually consider this a major security issue in Slide.
> I suggest filing a bug report with the Slide developers.
> In the meantime, I see if DAV Explorer can block out the password. But that
> of course would only be a "security through obscurity" measure. If the user
> logs all data that goes over the wire, the user would still be able to see
> the password.
> Regards,
> -Joe
>
> I am not sure if this qualifies as a bug, but it does cause security issues. 
>   
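
A sketch of the Tomcat LDAP realm suggested in the reply above, added here as an example and not taken from the thread or from the Slide project. The host name, DNs and group attribute are constructed placeholders for an assumed directory layout.

```xml
<!-- Added example: placed inside the <Engine> or <Host> element of
     Tomcat's conf/server.xml, in place of the Slide realm.
     ldap.example.org and the dc=example,dc=org entries are
     constructed placeholders, not values from the thread. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.org:636"
       userPattern="uid={0},ou=people,dc=example,dc=org"
       roleBase="ou=groups,dc=example,dc=org"
       roleName="cn"
       roleSearch="(uniqueMember={0})" />
<!-- No userPassword attribute is set, so the realm authenticates by
     binding to the directory as the user: Tomcat never reads a stored
     password, and none is kept in a WebDAV collection.
     ldaps:// keeps the bind credentials encrypted between Tomcat and
     the directory.
     roleSearch matches groups whose uniqueMember is the user's DN, and
     roleName (cn) supplies the role name handed to the webapp. -->
```

The `cn` values of the groups need to match the role names the webapp's security constraints expect.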

