[ https://issues.apache.org/jira/browse/ARTEMIS-786?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15564213#comment-15564213 ]
ASF GitHub Bot commented on ARTEMIS-786: ---------------------------------------- Github user gaohoward commented on the issue: https://github.com/apache/activemq-artemis/pull/835 Good point. I was aware of this but didn't think it clearly. We can introduce Jasypt to replace current encrypt/decript util for 2 ways, but I'm not sure this 2-way is suitable for this, which is the only place where hashing seems the preferred way (other places for password need a 2-way algorithm because the broker needs to decrypt them at runtime). I'll talk to you before I do any changes. > Store user's password in hash form by default > --------------------------------------------- > > Key: ARTEMIS-786 > URL: https://issues.apache.org/jira/browse/ARTEMIS-786 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Broker > Affects Versions: 1.4.0 > Reporter: Howard Gao > Assignee: Howard Gao > Fix For: 1.5.0 > > > Artemis use plaintext to store user's password. To enhance security it should > be using hash value instead. -- This message was sent by Atlassian JIRA (v6.3.4#6332)