[
https://issues.apache.org/jira/browse/DIRSTUDIO-1344?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17937619#comment-17937619
]
Emmanuel Lécharny commented on DIRSTUDIO-1344:
----------------------------------------------
Sounds clearly a good idea.
> Add a way to protect the passwords stored in the connections configuration
> file
> -------------------------------------------------------------------------------
>
> Key: DIRSTUDIO-1344
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1344
> Project: Directory Studio
> Issue Type: Improvement
> Reporter: Emmanuel Lécharny
> Priority: Critical
>
> When you manage connections to LDAP server, you store the user's password in
> a configuration file in clear text. This is not really a good idea, typically
> if you want to share the file with co-workers or anyone, at least it's a risk
> of leaking passwords if you don't curate the file.
> It would be a good idea to implement a mechanism that encrypt the passwords,
> like you will have to enter a password to unlock the access to the passwords
> when you have launched Studio (and periodically after a period of inactivity).
> Another solution would be to store the passwords in a separate place (like an
> embedded instance of ApacheDS, started wen you start Studio, or any other
> mean), and request the user to validate the export of passwords into a
> configuration file when exporting the configuration.
> We are open to any other suggestion (using an external vaault, etc).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
