[
https://issues.apache.org/jira/browse/ARTEMIS-786?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15564213#comment-15564213
]
ASF GitHub Bot commented on ARTEMIS-786:
----------------------------------------
Github user gaohoward commented on the issue:
https://github.com/apache/activemq-artemis/pull/835
Good point. I was aware of this but didn't think it clearly. We can
introduce Jasypt to replace current encrypt/decript util for 2 ways, but I'm
not sure this 2-way is suitable for this, which is the only place where hashing
seems the preferred way (other places for password need a 2-way algorithm
because the broker needs to decrypt them at runtime). I'll talk to you before I
do any changes.
> Store user's password in hash form by default
> ---------------------------------------------
>
> Key: ARTEMIS-786
> URL: https://issues.apache.org/jira/browse/ARTEMIS-786
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: Broker
> Affects Versions: 1.4.0
> Reporter: Howard Gao
> Assignee: Howard Gao
> Fix For: 1.5.0
>
>
> Artemis use plaintext to store user's password. To enhance security it should
> be using hash value instead.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
