[ https://issues.apache.org/jira/browse/ARTEMIS-786?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15565243#comment-15565243 ]
ASF GitHub Bot commented on ARTEMIS-786: ---------------------------------------- Github user gaohoward commented on the issue: https://github.com/apache/activemq-artemis/pull/835 @jbertram I move the hash factory api into the same PasswordMaskingUtil to reduce confusion, so that both 2-way encryption and one-way hashing APIs are in the same util class. But I'm not sure what's the benefit of bring in Jasypt. The PasswordMaskingUtil provides a general API which enables user to use customized password encoder/decoder like Jasypt, if he really want it. What do you think? > Store user's password in hash form by default > --------------------------------------------- > > Key: ARTEMIS-786 > URL: https://issues.apache.org/jira/browse/ARTEMIS-786 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Broker > Affects Versions: 1.4.0 > Reporter: Howard Gao > Assignee: Howard Gao > Fix For: 1.5.0 > > > Artemis use plaintext to store user's password. To enhance security it should > be using hash value instead. -- This message was sent by Atlassian JIRA (v6.3.4#6332)