You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Phani Balaji Madgula (JIRA)" <ji...@apache.org> on 2007/04/23 20:09:15 UTC

[jira] Created: (GERONIMO-3111) pluggable Password Encryption mechanism for Apache Geronimo.

pluggable Password Encryption mechanism for Apache Geronimo.
------------------------------------------------------------

                 Key: GERONIMO-3111
                 URL: https://issues.apache.org/jira/browse/GERONIMO-3111
             Project: Geronimo
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.0-M3, 2.0-M2, 2.0-M1, 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M4, 2.0-M5
         Environment: All platforms & JDKs
            Reporter: Phani Balaji Madgula


Hi,
I am involved in developing a J2EE application which is targeted to be deployed on Apache Geronimo 1.1.1. 
We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties. This makes 
admin console accessible to all those who have access to <AG_home>/var/security/users.properties file.

What would want instead is, a password encryption using a pluggable encryption key. This enables customers to configure their own encryption keys that can be used for all security realms(configurable option). 
This contributes to the server's readiness for enterprise applications out-of-box.

We are currently planning to use custom login modules for all security needs. 
But, having the above feature in the server will eliminate the need for the same.

Thanks 
Phani

Your comments on this issue are welcome.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (GERONIMO-3111) pluggable Password Encryption mechanism for Apache Geronimo.

Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-3111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12537990 ] 

Vamsavardhana Reddy commented on GERONIMO-3111:
-----------------------------------------------

Isn't this a duplicate of GERONIMO-2925?

> pluggable Password Encryption mechanism for Apache Geronimo.
> ------------------------------------------------------------
>
>                 Key: GERONIMO-3111
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3111
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5
>         Environment: All platforms & JDKs
>            Reporter: Phani Balaji Madgula
>
> Hi,
> I am involved in developing a J2EE application which is targeted to be deployed on Apache Geronimo 1.1.1. 
> We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties. This makes 
> admin console accessible to all those who have access to <AG_home>/var/security/users.properties file.
> What would want instead is, a password encryption using a pluggable encryption key. This enables customers to configure their own encryption keys that can be used for all security realms(configurable option). 
> This contributes to the server's readiness for enterprise applications out-of-box.
> We are currently planning to use custom login modules for all security needs. 
> But, having the above feature in the server will eliminate the need for the same.
> Thanks 
> Phani
> Your comments on this issue are welcome.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-3111) pluggable Password Encryption mechanism for Apache Geronimo.

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/GERONIMO-3111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Jencks closed GERONIMO-3111.
----------------------------------

       Resolution: Fixed
    Fix Version/s: 2.0.2
                   2.1
         Assignee: David Jencks

Fixed in GERONIMO-2925.

> pluggable Password Encryption mechanism for Apache Geronimo.
> ------------------------------------------------------------
>
>                 Key: GERONIMO-3111
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3111
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1.1, 1.1.2, 1.1.x, 1.2, 1.x, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5
>         Environment: All platforms & JDKs
>            Reporter: Phani Balaji Madgula
>            Assignee: David Jencks
>             Fix For: 2.1, 2.0.2
>
>
> Hi,
> I am involved in developing a J2EE application which is targeted to be deployed on Apache Geronimo 1.1.1. 
> We have some concerns pertaining to the clear text passwords in <AG_HOME>/var/security/users.properties. This makes 
> admin console accessible to all those who have access to <AG_home>/var/security/users.properties file.
> What would want instead is, a password encryption using a pluggable encryption key. This enables customers to configure their own encryption keys that can be used for all security realms(configurable option). 
> This contributes to the server's readiness for enterprise applications out-of-box.
> We are currently planning to use custom login modules for all security needs. 
> But, having the above feature in the server will eliminate the need for the same.
> Thanks 
> Phani
> Your comments on this issue are welcome.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.