You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Daniel Meier (Jira)" <ji...@apache.org> on 2021/08/04 10:01:00 UTC

[jira] [Created] (WICKET-6912) PasswordTextField should not use Strings

Daniel Meier created WICKET-6912:
------------------------------------

             Summary: PasswordTextField should not use Strings
                 Key: WICKET-6912
                 URL: https://issues.apache.org/jira/browse/WICKET-6912
             Project: Wicket
          Issue Type: Improvement
          Components: wicket-core
            Reporter: Daniel Meier


According to the [Java Cryptography Architecture Reference Guide|https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#PBEEx], Passwords should not be stored in {{java.lang.String}} Objects. Wicket's {{PasswordTextField}} however uses {{String}} Models, which can be a security vulnerability.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)