[jira] [Created] (SYNCOPE-269) Password encryption key defined in source code

JIRA Thu, 10 Jan 2013 03:10:16 -0800

Francesco Chicchiriccò created SYNCOPE-269:
----------------------------------------------


             Summary: Password encryption key defined in source code
                 Key: SYNCOPE-269
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-269
             Project: Syncope
          Issue Type: Bug
          Components: core
    Affects Versions: 1.0.4, 1.1.0
            Reporter: Francesco Chicchiriccò
            Priority: Critical
             Fix For: 1.0.5, 1.1.0


Currently, the encryption key is barely and statically defined in source code 
[1] for 1_0_X, [2] for trunk.

This key must be moved to an external properties file (security.properties, for 
example).

Nice to have: random generation of this key during 'mvn archetype:generate'.

For 1_0_X: provide default to current key value [1] when not provided in 
security.properties.

[1] 
http://svn.apache.org/repos/asf/syncope/branches/1_0_X/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
[2] 
http://svn.apache.org/repos/asf/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordEncoder.java
 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Created] (SYNCOPE-269) Password encryption key defined in source code

Reply via email to