You are viewing a plain text version of this content. The canonical link for it is here.
Posted to savan-dev@ws.apache.org by "indika priyantha kumara (JIRA)" <ji...@apache.org> on 2010/05/24 18:24:25 UTC
[jira] Commented: (AXIS2-4725) Securing passwords in axis2.xml
[ https://issues.apache.org/jira/browse/AXIS2-4725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12870683#action_12870683 ]
indika priyantha kumara commented on AXIS2-4725:
------------------------------------------------
My solution is based on the code in the Apache synapse [1]. It is a self-contained module. I hope, it is better to add a syn external to it if this patch would be applied.
There is a basic description about my solution in both synapse documentation and WSO2 ESB documentation [2]. I have improved that solution further.
The attached patch is to provide a global password provider that is responsible for securing the passwords in the axis2 configuration.
<passwordManager>
<protectedTokens> coma separated list of tokens </protectedTokens>
<passwordProvider> class of password provider </passwordProvider>
</passwordManager>
I will create separate JIRAs and attach patches for securing the passwords in transport configurations, axis2 web app, etc ...
[1] https://svn.apache.org/repos/asf/synapse/trunk/java/modules/securevault
[2] http://wso2.org/project/esb/java/3.0.0/docs/index.html
> Securing passwords in axis2.xml
> --------------------------------
>
> Key: AXIS2-4725
> URL: https://issues.apache.org/jira/browse/AXIS2-4725
> Project: Axis2
> Issue Type: Improvement
> Affects Versions: nightly
> Reporter: indika priyantha kumara
> Attachments: secure-vault-add.patch
>
>
> Currently , the password in the axis2 configuration are plain text . This can be a security hole.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org