Francesco Chicchiriccò created SYNCOPE-269: ----------------------------------------------
Summary: Password encryption key defined in source code Key: SYNCOPE-269 URL: https://issues.apache.org/jira/browse/SYNCOPE-269 Project: Syncope Issue Type: Bug Components: core Affects Versions: 1.0.4, 1.1.0 Reporter: Francesco Chicchiriccò Priority: Critical Fix For: 1.0.5, 1.1.0 Currently, the encryption key is barely and statically defined in source code [1] for 1_0_X, [2] for trunk. This key must be moved to an external properties file (security.properties, for example). Nice to have: random generation of this key during 'mvn archetype:generate'. For 1_0_X: provide default to current key value [1] when not provided in security.properties. [1] http://svn.apache.org/repos/asf/syncope/branches/1_0_X/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java [2] http://svn.apache.org/repos/asf/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordEncoder.java -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira