Patches are welcome. Please create a ticket and attach a patch that does what you think the encryption ought to do.
Karl On Fri, Jul 22, 2016 at 9:22 AM, Aurélien MAZOYER < [email protected]> wrote: > Hi, > > In order to try to improve security in MCF, I would like to be able to > store the password (that is currently hardcoded) used for obfuscation in a > specific configuration file. The aim of this approach is to be able to > change it but also to be able to add specific linux access right on it. To > do that, I think I need to rewrite the Obfuscate file in the source code. > Do you think this approach is valid? > > Regards, > > Aurélien > > Le 18/07/2016 14:50, Aurélien MAZOYER a écrit : > > Hi Konrad, > > Thank you for your answer. It seems that the obfuscation tool uses a > symmetric encoding with password and salt to obfuscate/deobfuscate > passwords. I can see that there is a way to change the salt with a > property, but it seems that the password is hardcoded in the source code. > What is the best practice to use this obfuscation tool? Is it enough to > change the salt in the property file? > > Regards, > > Aurélien > > Le 18/07/2016 14:13, Konrad Holl a écrit : > > Hi Aurélien, > > > > try the obfuscate.[bat|sh] file in the obfuscation-utility directory. > > > > In property.xml you can use this obfuscated password instead: > org.apache.manifoldcf.login.password.obfuscated . See also > http://manifoldcf.apache.org/release/release-2.4/en_US/how-to-build-and-deploy.html > > > > Hope that helps, > > > > Konrad. > > > > *From:* Aurélien MAZOYER [ <[email protected]> > mailto:[email protected] <[email protected]>] > *Sent:* Montag, 18. Juli 2016 13:31 > *To:* [email protected] > *Subject:* Store hash of MCF admin password > > > > Hi all, > > Is there a way to store a hash of the mcf admin password instead of a > clear password in the configuration file of MCF? > > Regards, > > Aurélien > > > >
