You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Daniel Meier (Jira)" <ji...@apache.org> on 2021/08/04 10:02:00 UTC

[jira] [Updated] (WICKET-6912) PasswordTextField should not use Strings

     [ https://issues.apache.org/jira/browse/WICKET-6912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Meier updated WICKET-6912:
---------------------------------
    Description: According to the [Java Cryptography Architecture Reference Guide|https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#PBEEx], passwords should not be stored in {{java.lang.String}} Objects. Wicket's {{PasswordTextField}} however uses {{String}} Models, which can be a security vulnerability.  (was: According to the [Java Cryptography Architecture Reference Guide|https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#PBEEx], Passwords should not be stored in {{java.lang.String}} Objects. Wicket's {{PasswordTextField}} however uses {{String}} Models, which can be a security vulnerability.)

> PasswordTextField should not use Strings
> ----------------------------------------
>
>                 Key: WICKET-6912
>                 URL: https://issues.apache.org/jira/browse/WICKET-6912
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket-core
>            Reporter: Daniel Meier
>            Priority: Major
>
> According to the [Java Cryptography Architecture Reference Guide|https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#PBEEx], passwords should not be stored in {{java.lang.String}} Objects. Wicket's {{PasswordTextField}} however uses {{String}} Models, which can be a security vulnerability.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)