You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by Emmanuel Lécharny <el...@gmail.com> on 2018/05/28 08:22:05 UTC

Re: [ApacheDS] passwords store


Le 28/05/2018 à 10:03, Petra Humann a écrit :
> Hi,
> 
> there is a big security issue in the configuration file 
> $HOME/.ApacheDirectoryStudio/.metadata/.plugins/org.apache.directory.studio.connection.core/connections.xml
> 
> The passwords are stored in clear text!

Yes.

You can request the passwords to be stored in a keystore instead, in the
Preference -> Connections -> Password Keystore configuration.

Be aware that there is an issue with the latest Java version (1.8.0_171
AFAIR), in which teh keystore storage format has changed and is not
compatible with the previous Java versions or pacthes. This is clearly a
bug in Java.


-- 
Emmanuel Lecharny

Symas.com
directory.apache.org