You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Phani Balaji Madgula (JIRA)" <ji...@apache.org> on 2007/04/23 20:09:15 UTC
[jira] Created: (GERONIMO-3111) pluggable Password Encryption
mechanism for Apache Geronimo.
pluggable Password Encryption mechanism for Apache Geronimo.
------------------------------------------------------------
Key: GERONIMO-3111
URL: https://issues.apache.org/jira/browse/GERONIMO-3111
Project: Geronimo
Issue Type: Improvement
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.0-M3, 2.0-M2, 2.0-M1, 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M4, 2.0-M5
Environment: All platforms & JDKs
Reporter: Phani Balaji Madgula
Hi,
I am involved in developing a J2EE application which is targeted to be deployed on Apache Geronimo 1.1.1.
We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties. This makes
admin console accessible to all those who have access to <AG_home>/var/security/users.properties file.
What would want instead is, a password encryption using a pluggable encryption key. This enables customers to configure their own encryption keys that can be used for all security realms(configurable option).
This contributes to the server's readiness for enterprise applications out-of-box.
We are currently planning to use custom login modules for all security needs.
But, having the above feature in the server will eliminate the need for the same.
Thanks
Phani
Your comments on this issue are welcome.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3111) pluggable Password Encryption
mechanism for Apache Geronimo.
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537990 ]
Vamsavardhana Reddy commented on GERONIMO-3111:
-----------------------------------------------
Isn't this a duplicate of GERONIMO-2925?
> pluggable Password Encryption mechanism for Apache Geronimo.
> ------------------------------------------------------------
>
> Key: GERONIMO-3111
> URL: https://issues.apache.org/jira/browse/GERONIMO-3111
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5
> Environment: All platforms & JDKs
> Reporter: Phani Balaji Madgula
>
> Hi,
> I am involved in developing a J2EE application which is targeted to be deployed on Apache Geronimo 1.1.1.
> We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties. This makes
> admin console accessible to all those who have access to <AG_home>/var/security/users.properties file.
> What would want instead is, a password encryption using a pluggable encryption key. This enables customers to configure their own encryption keys that can be used for all security realms(configurable option).
> This contributes to the server's readiness for enterprise applications out-of-box.
> We are currently planning to use custom login modules for all security needs.
> But, having the above feature in the server will eliminate the need for the same.
> Thanks
> Phani
> Your comments on this issue are welcome.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-3111) pluggable Password Encryption
mechanism for Apache Geronimo.
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-3111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks closed GERONIMO-3111.
----------------------------------
Resolution: Fixed
Fix Version/s: 2.0.2
2.1
Assignee: David Jencks
Fixed in GERONIMO-2925.
> pluggable Password Encryption mechanism for Apache Geronimo.
> ------------------------------------------------------------
>
> Key: GERONIMO-3111
> URL: https://issues.apache.org/jira/browse/GERONIMO-3111
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5
> Environment: All platforms & JDKs
> Reporter: Phani Balaji Madgula
> Assignee: David Jencks
> Fix For: 2.1, 2.0.2
>
>
> Hi,
> I am involved in developing a J2EE application which is targeted to be deployed on Apache Geronimo 1.1.1.
> We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties. This makes
> admin console accessible to all those who have access to <AG_home>/var/security/users.properties file.
> What would want instead is, a password encryption using a pluggable encryption key. This enables customers to configure their own encryption keys that can be used for all security realms(configurable option).
> This contributes to the server's readiness for enterprise applications out-of-box.
> We are currently planning to use custom login modules for all security needs.
> But, having the above feature in the server will eliminate the need for the same.
> Thanks
> Phani
> Your comments on this issue are welcome.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.