
#53 clear text password

Status: open
Priority: 9
Updated: 2008-06-25
Created: 2008-05-19
Creator: Anonymous
Private: No

In PWCBHandler there is a clear text password. I am not certain what that is and if it introduces a security hole.

    if("client".equals(id)) {
        pwcb.setPassword("apache");
    } else if("service".equals(id)) {
        pwcb.setPassword("apache");
    }

Discussion

  • Gregor von Laszewski

    • priority: 5 --> 9
     
  • Gregor von Laszewski

    • assigned_to: nobody --> laszewsk
     
  • Jeffrey Robble

    Jeffrey Robble - 2008-05-20

    Logged In: YES
    user_id=1951185
    Originator: NO

    The Apache Rampart security example uses this sort of security mechanism in the examples provided. The password is used to gain access to a keystore in which user keys are stored. Changes may be made to read the keystore password from an encrypted file.

    In the future a username/password scheme may be more desirable.

     
  • Gregor von Laszewski

    • labels: 1083579 --> old-gridshell
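
Added example (not part of the ticket or the project's code): one way a PWCBHandler can resolve the keystore password at run time instead of compiling it into the class. It assumes WSS4J is on the classpath, a hypothetical system property `pwcb.secrets.file`, and an owner-only properties file (alias=password) standing in for the encrypted file mentioned in the comment above.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.callback.*;
import org.apache.ws.security.WSPasswordCallback;

public class PWCBHandler implements CallbackHandler {
    // Hypothetical system property naming the secrets file (key = alias, value = password).
    private static final String FILE_PROP = "pwcb.secrets.file";

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        Properties secrets = loadSecrets();
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // WSS4J 1.5.x spells this accessor getIdentifer().
            String id = pwcb.getIdentifier();
            String password = (id == null) ? null : secrets.getProperty(id);
            if (password == null) {
                // Fail closed: an unknown alias is an error, not a silent no-op.
                throw new UnsupportedCallbackException(cb, "no secret configured for alias");
            }
            pwcb.setPassword(password);
        }
    }

    private static Properties loadSecrets() throws IOException {
        String location = System.getProperty(FILE_PROP);
        if (location == null) {
            throw new IOException(FILE_PROP + " is not set");
        }
        Path file = Paths.get(location);
        // Refuse a file that group or other users can read (POSIX file systems only).
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.OTHERS_READ)) {
            throw new IOException("secrets file must be readable by its owner only");
        }
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            props.load(in);
        }
        return props;
    }
}
```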
     

