  1. Application Server 7
  2. AS7-1838

Add support for pre-digested passwords to AS7 domain realms

      Description

      Storing plain text passwords means that, should the file containing these passwords be compromised, not only could the passwords be used to access the AS instance they were used with, they could also potentially be used for any systems secured with the same passwords.

      The pre-digested passwords will be digested with the username, password and realm. This means that, although they still need to be kept secure to prevent access to the AS instance they secure, they will not be useful for gaining access to different systems secured with different realms.

      (As backwards compatibility is to be retained, AS 7.0.2 will have this feature switched off by default, leaving the end user to choose to switch it on. For AS 7.1.0 this will be reversed, making it the default out of the box.)
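
The realm binding described above, as an added example that is not part of the issue or the project's code. It assumes the HTTP Digest (RFC 2617) HA1 layout, hex(MD5(username:realm:password)), which the issue itself does not spell out; the class name, user name, password and realm names are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class PreDigestedPassword {

    // Assumed layout (not stated in the issue): hex(MD5(username ":" realm ":" password)),
    // i.e. the HA1 value from HTTP Digest authentication (RFC 2617).
    static String preDigest(String username, String realm, String password)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] digest = md.digest(
                (username + ":" + realm + ":" + password).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Recompute the digest for the claimed realm and compare it to the stored entry.
    static boolean matches(String stored, String username, String realm, String password)
            throws NoSuchAlgorithmException {
        byte[] expected = stored.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = preDigest(username, realm, password).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values, not taken from any real configuration.
        String user = "admin";
        String password = "correct horse battery staple";

        String mgmt = preDigest(user, "ManagementRealm", password);
        String other = preDigest(user, "OtherRealm", password);

        // What a properties-style user store would hold instead of the clear text.
        System.out.println(user + "=" + mgmt);

        // Same user and password, different realm: the stored values differ, so an
        // entry taken from one store does not verify under another realm.
        System.out.println("same digest across realms: " + mgmt.equals(other));
        System.out.println("verifies in own realm:     "
                + matches(mgmt, user, "ManagementRealm", password));
        System.out.println("verifies in other realm:   "
                + matches(mgmt, user, "OtherRealm", password));
    }
}
```

Under this layout the stored value is itself the secret used to answer a Digest challenge for its own realm, which is why the file still has to be protected.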

                People

                • Assignee:
                  dlofthouse Darran Lofthouse
                  Reporter:
                  dlofthouse Darran Lofthouse