  1. Application Server 7
  2. AS7-1838

Add support for pre-digested passwords to AS7 domain realms


Details

    Description

      Storing plain text passwords means that, should the file containing these passwords be compromised, not only could the passwords be used to access the AS instance they were used for, they could also potentially be used for any other systems secured with the same passwords.

      The pre-digested passwords will be digested with the username, password and realm. This means that, although they still need to be kept secure to prevent access to the AS instance they secure, they will not be useful for gaining access to different systems secured with different realms.

      (As backwards compatibility is to be retained, AS 7.0.2 will have this feature switched off by default, leaving the end user to choose to switch it on. For AS 7.1.0 this will be reversed, making it the default out of the box.)
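
The digest described above, as an added example that is not code from this issue or from the AS7 code base. It assumes the RFC 2617 HA1 construction, hex(MD5(username:realm:password)), which the description does not spell out; the function names, realm names and credentials are constructed.

```python
import hashlib
import hmac


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def predigest(username: str, realm: str, password: str) -> str:
    """Value to store instead of the password (assumed RFC 2617 HA1 form)."""
    for field, value in (("username", username), ("realm", realm)):
        if ":" in value:
            # A colon in either field makes the joined string ambiguous.
            raise ValueError(f"{field} must not contain ':'")
    return _md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1: str, method: str, uri: str, nonce: str) -> str:
    """Digest response (RFC 2617 without qop), derived from the stored HA1."""
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


def verify(stored_ha1: str, method: str, uri: str, nonce: str,
           response: str) -> bool:
    """Server-side check; the plain text password is never needed."""
    want = expected_response(stored_ha1, method, uri, nonce)
    return hmac.compare_digest(want, response)


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    user, password = "admin", "s3cret-Example"
    in_realm_a = predigest(user, "RealmA", password)
    in_realm_b = predigest(user, "RealmB", password)
    print(f"RealmA entry: {user}={in_realm_a}")
    print(f"RealmB entry: {user}={in_realm_b}")

    # Same user and password, different realm: the stored values differ,
    # so an entry leaked from RealmA does not authenticate against RealmB.
    nonce = "constructed-nonce-0001"
    reply = expected_response(in_realm_a, "GET", "/management", nonce)
    print("accepted by RealmA:", verify(in_realm_a, "GET", "/management", nonce, reply))
    print("accepted by RealmB:", verify(in_realm_b, "GET", "/management", nonce, reply))
```

Within its own realm the stored value is sufficient to compute a valid response, which is why the file holding it still has to be protected.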

            People

              darran.lofthouse@redhat.com Darran Lofthouse