Hi Karl,
Thank you for your answer. I created the following issue for that :
https://issues.apache.org/jira/browse/CONNECTORS-1327
Regards,
Aurélien
Le 22/07/2016 16:00, Karl Wright a écrit :
Patches are welcome. Please create a ticket and attach a patch that
does what you think the encryption ought to do.
Karl
On Fri, Jul 22, 2016 at 9:22 AM, Aurélien MAZOYER
<[email protected]
<mailto:[email protected]>> wrote:
Hi,
In order to try to improve security in MCF, I would like to be
able to store the password (that is currently hardcoded) used for
obfuscation in a specific configuration file. The aim of this
approach is to be able to change it but also to be able to add
specific linux access right on it. To do that, I think I need to
rewrite the Obfuscate file in the source code. Do you think this
approach is valid?
Regards,
Aurélien
Le 18/07/2016 14:50, Aurélien MAZOYER a écrit :
Hi Konrad,
Thank you for your answer. It seems that the obfuscation tool
uses a symmetric encoding with password and salt to
obfuscate/deobfuscate passwords. I can see that there is a way to
change the salt with a property, but it seems that the password
is hardcoded in the source code. What is the best practice to use
this obfuscation tool? Is it enough to change the salt in the
property file?
Regards,
Aurélien
Le 18/07/2016 14:13, Konrad Holl a écrit :
Hi Aurélien,
try the obfuscate.[bat|sh] file in the obfuscation-utility
directory.
In property.xml you can use this obfuscated password instead:
org.apache.manifoldcf.login.password.obfuscated . See also
http://manifoldcf.apache.org/release/release-2.4/en_US/how-to-build-and-deploy.html
Hope that helps,
Konrad.
*From:*Aurélien MAZOYER [mailto:[email protected]]
*Sent:* Montag, 18. Juli 2016 13:31
*To:* [email protected] <mailto:[email protected]>
*Subject:* Store hash of MCF admin password
Hi all,
Is there a way to store a hash of the mcf admin password instead
of a clear password in the configuration file of MCF?
Regards,
Aurélien
