You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Petra Humann <pe...@tu-dresden.de> on 2018/05/28 08:03:29 UTC
[ApacheDS] passwords store
Hi,
there is a big security issue in the configuration file
$HOME/.ApacheDirectoryStudio/.metadata/.plugins/org.apache.directory.studio.connection.core/connections.xml
The passwords are stored in clear text!
Apache Directory Studio Version: 2.0.0.v20170904-M13
macOS 10.13.4. High Sierra
Kind Regards,
Petra Humann
Re: [ApacheDS] passwords store
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 28/05/2018 à 10:03, Petra Humann a écrit :
> Hi,
>
> there is a big security issue in the configuration file
> $HOME/.ApacheDirectoryStudio/.metadata/.plugins/org.apache.directory.studio.connection.core/connections.xml
>
> The passwords are stored in clear text!
Yes.
You can request the passwords to be stored in a keystore instead, in the
Preference -> Connections -> Password Keystore configuration.
Be aware that there is an issue with the latest Java version (1.8.0_171
AFAIR), in which teh keystore storage format has changed and is not
compatible with the previous Java versions or pacthes. This is clearly a
bug in Java.
--
Emmanuel Lecharny
Symas.com
directory.apache.org