Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-5728 Update to JBoss Security 2.0.4 SP6
  3. JBPAPP-5729

org.jboss.security.plugins.FilePassword requires write permission for decoding

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: EAP_EWP 5.1.0
    • Fix Version/s: EAP_EWP 5.1.1
    • Component/s: Security
    • Labels:
      None
    • Affects:
      Release Notes
    • Release Notes Text:
      Hide
      The org.jboss.security.plugins.FilePassword file previously required write permission even for decoding the password. The file could not be changed to read-only for regular users because it was inaccessible. This issue has been fixed by changing the file permissions from to read-only.
      Show
      The org.jboss.security.plugins.FilePassword file previously required write permission even for decoding the password. The file could not be changed to read-only for regular users because it was inaccessible. This issue has been fixed by changing the file permissions from to read-only.
    • Release Notes Docs Status:
      Documented as Resolved Issue

      Description

      We use org.jboss.security.plugins.FilePassword to avoid storing passwords in clear text. Once created, we'd like to change the file's permission to read-only for regular users in order to ensure that only trusted users can update it.

      However, this won't work as the class FilePassword always requires write permission even for decoding the password. The class should be modified so that write permission is only required when create / update the password file.

        Gliffy Diagrams

          Attachments

            Issue Links

            cloned from

            Bug - A problem which impairs or prevents the functions of the product. SECURITY-292 org.jboss.security.plugins.FilePassword requires write permission for decoding

            • Minor - Minor loss of function, or other problem where easy workaround is present.
            • Resolved
            is blocked by

            Bug - A problem which impairs or prevents the functions of the product. SECURITY-292 org.jboss.security.plugins.FilePassword requires write permission for decoding

            • Minor - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

              Activity

                People

                • Assignee:
                  bmaxwell Brad Maxwell
                  Reporter:
                  bmaxwell Brad Maxwell
                  Writer:
                  Rebecca Newton
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: