You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Robert Simmons Jr. (JIRA)" <ji...@codehaus.org> on 2007/02/17 22:42:16 UTC
[jira] Created: (MRM-283) Password Length too Short
Password Length too Short
-------------------------
Key: MRM-283
URL: http://jira.codehaus.org/browse/MRM-283
Project: Archiva
Issue Type: Bug
Reporter: Robert Simmons Jr.
An 8 character password is far too shor for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: [jira] Closed: (MRM-283) Password Length too Short
Posted by Wendy Smoak <ws...@gmail.com>.
On 2/17/07, Carlos Sanchez <ca...@apache.org> wrote:
> Somebody will correct me if i'm wrong ;) but the convention for
> closing jira issues is to assign to yourself, and if there's no needed
> work, like this case, it wouldn't be "fixed" (or it'll show up in the
> changelog) but one of the others "won't fix", "incomplete" or "cannot
> reproduce"
I actually wanted to resolve it as "Not a Problem" but we don't seem
to have it in this project... Fixed was closer to the truth than any
of the other options. I intentionally left the 'fix version' blank so
it shouldn't appear in the release notes. At least, that was the
intention. :)
--
Wendy
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: [jira] Closed: (MRM-283) Password Length too Short
Posted by Carlos Sanchez <ca...@apache.org>.
Hi Wendy,
Somebody will correct me if i'm wrong ;) but the convention for
closing jira issues is to assign to yourself, and if there's no needed
work, like this case, it wouldn't be "fixed" (or it'll show up in the
changelog) but one of the others "won't fix", "incomplete" or "cannot
reproduce"
On 2/17/07, Wendy Smoak (JIRA) <ji...@codehaus.org> wrote:
>
> [ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> Wendy Smoak closed MRM-283.
> ---------------------------
>
> Resolution: Fixed
>
> > Password Length too Short
> > -------------------------
> >
> > Key: MRM-283
> > URL: http://jira.codehaus.org/browse/MRM-283
> > Project: Archiva
> > Issue Type: Improvement
> > Components: Users/Security
> > Affects Versions: 1.0
> > Reporter: Robert Simmons Jr.
> >
> > An 8 character password is far too short for good security. Can we improve this to a 16 character password?
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
> -
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
>
>
--
I could give you my word as a Spaniard.
No good. I've known too many Spaniards.
-- The Princess Bride
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
[jira] Closed: (MRM-283) Password Length too Short
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wendy Smoak closed MRM-283.
---------------------------
Resolution: Fixed
> Password Length too Short
> -------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Improvement
> Components: Users/Security
> Affects Versions: 1.0
> Reporter: Robert Simmons Jr.
>
> An 8 character password is far too short for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MRM-283) Document Plexus Security configuration of
Archiva
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter updated MRM-283:
-----------------------------
Assignee: (was: Wendy Smoak)
Fix Version/s: 1.0
Component/s: (was: Users/Security)
documentation
Summary: Document Plexus Security configuration of Archiva (was: Password Length too Short)
It's not really fixed if it isn't documented ;)
> Document Plexus Security configuration of Archiva
> -------------------------------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Improvement
> Components: documentation
> Affects Versions: 1.0
> Reporter: Robert Simmons Jr.
> Fix For: 1.0
>
>
> An 8 character password is far too short for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MRM-283) Document Plexus Security configuration of
Archiva
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wendy Smoak closed MRM-283.
---------------------------
Assignee: Wendy Smoak
Resolution: Fixed
Okay, *now* it's fixed. :) See http://maven.apache.org/guides/security-configuration.html (in about an hour).
> Document Plexus Security configuration of Archiva
> -------------------------------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Improvement
> Components: documentation
> Affects Versions: 1.0
> Reporter: Robert Simmons Jr.
> Assigned To: Wendy Smoak
> Fix For: 1.0
>
>
> An 8 character password is far too short for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Reopened: (MRM-283) Password Length too Short
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter reopened MRM-283:
------------------------------
> Password Length too Short
> -------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Improvement
> Components: documentation
> Affects Versions: 1.0
> Reporter: Robert Simmons Jr.
> Assigned To: Wendy Smoak
> Fix For: 1.0
>
>
> An 8 character password is far too short for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-283) Password Length too Short
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_87815 ]
Wendy Smoak commented on MRM-283:
---------------------------------
This is controlled by plexus-security, and is configurable, usually in a file called "security.properties".
Here is the default config file in svn showing the things you can change:
http://svn.codehaus.org/plexus/plexus-security/trunk/configuration/src/main/resources/org/codehaus/plexus/security/config-defaults.properties
Archiva's application.xml file contains a list of configuration files it looks for:
http://svn.apache.org/repos/asf/maven/archiva/trunk/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
> Password Length too Short
> -------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Bug
> Reporter: Robert Simmons Jr.
>
> An 8 character password is far too shor for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MRM-283) Document Plexus Security configuration of
Archiva
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wendy Smoak updated MRM-283:
----------------------------
Comment: was deleted
> Document Plexus Security configuration of Archiva
> -------------------------------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Improvement
> Components: documentation
> Affects Versions: 1.0
> Reporter: Robert Simmons Jr.
> Assigned To: Wendy Smoak
> Fix For: 1.0
>
>
> An 8 character password is far too short for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-283) Document Plexus Security configuration
of Archiva
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_87824 ]
Wendy Smoak commented on MRM-283:
---------------------------------
True. :)
In application.xml, Archiva seems to be looking directly in ${appserver.base} and ${appserver.home}, not in the 'conf' directories just beneath them as it does for the other config files. Is this correct?
http://svn.apache.org/viewvc/maven/archiva/trunk/archiva-webapp/src/main/resources/META-INF/plexus/application.xml?revision=507941&view=markup
> Document Plexus Security configuration of Archiva
> -------------------------------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Improvement
> Components: documentation
> Affects Versions: 1.0
> Reporter: Robert Simmons Jr.
> Fix For: 1.0
>
>
> An 8 character password is far too short for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MRM-283) Document Plexus Security configuration
of Archiva
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_87838 ]
Wendy Smoak commented on MRM-283:
---------------------------------
See: http://maven.apache.org/archiva/guides/security-configuration.html
> Document Plexus Security configuration of Archiva
> -------------------------------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Improvement
> Components: documentation
> Affects Versions: 1.0
> Reporter: Robert Simmons Jr.
> Assigned To: Wendy Smoak
> Fix For: 1.0
>
>
> An 8 character password is far too short for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MRM-283) Password Length too Short
Posted by "Wendy Smoak (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-283?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wendy Smoak updated MRM-283:
----------------------------
Description: An 8 character password is far too short for good security. Can we improve this to a 16 character password? (was: An 8 character password is far too shor for good security. Can we improve this to a 16 character password?)
Affects Version/s: 1.0
Component/s: Users/Security
Issue Type: Improvement (was: Bug)
> Password Length too Short
> -------------------------
>
> Key: MRM-283
> URL: http://jira.codehaus.org/browse/MRM-283
> Project: Archiva
> Issue Type: Improvement
> Components: Users/Security
> Affects Versions: 1.0
> Reporter: Robert Simmons Jr.
>
> An 8 character password is far too short for good security. Can we improve this to a 16 character password?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira