Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-292

org.jboss.security.plugins.FilePassword requires write permission for decoding

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Minor
    • JBossSecurity_2.0.4.SP5, PicketBox_v4_0_alpha3
    • 2.0.1.GA, 2.0.2-BETA, 2.0.1-BETA1, 2.0.1-BETA2, 2.0.2-BETA3, 2.0.2-BETA4, 2.0.2-BETA5, 2.0.2-BETA6, 2.0.2.Beta7, JBossSecurity_2.0.2.CR1, 2.0.2.CR2, 2.0.2.CR3, 2.0.2.CR4, 2.0.2.CR5, 2.0.2.CR6, 2.0.2.CR7, 2.0.2.CR8
    • None
    • None

    Description

      We use org.jboss.security.plugins.FilePassword to avoid storing passwords in clear text. Once created, we'd like to change the file's permission to read-only for regular users in order to ensure that only trusted users can update it.

      However, this won't work as the class FilePassword always requires write permission even for decoding the password. The class should be modified so that write permission is only required when create / update the password file.

      Attachments

        Issue Links

          blocks

          Sub-task - The sub-task of the issue JBPAPP-5729 org.jboss.security.plugins.FilePassword requires write permission for decoding

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          clones

          Sub-task - The sub-task of the issue JBPAPP-5729 org.jboss.security.plugins.FilePassword requires write permission for decoding

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. JBPAPP-5718 org.jboss.security.plugins.FilePassword requires write permission for decoding

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. JBPAPP-5718 org.jboss.security.plugins.FilePassword requires write permission for decoding

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Activity

            People

              mmoyses Marcus Moyses (Inactive)
              alllle_jira Alan Feng (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: