Philip Zampino created KNOX-2581:
------------------------------------
Summary: Secure token passcode in token state
Key: KNOX-2581
URL: https://issues.apache.org/jira/browse/KNOX-2581
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 1.6.0
Reporter: Philip Zampino
The Token State Service must be improved to fully protect the token passcode
(UUID) that is stored in Zookeeper and journaling implementations, such that
the passcode isn't stored in clear text or used as any part of the alias name.
The token passcodes should be hashed in token state (instead of using the
actual value) with the master secret as the salt.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
