[ https://issues.apache.org/jira/browse/ARTEMIS-786?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15586753#comment-15586753 ]
ASF GitHub Bot commented on ARTEMIS-786: ---------------------------------------- Github user jbertram commented on the issue: https://github.com/apache/activemq-artemis/pull/835 The whole masking/hashing process still seems like a bit of a jumble to me. To mask a password there's a raw Java command (e.g. "java -cp <classPath> org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec <password-to-encode>") and then there's a new command you've added to hash a password. I think it would provide a much better user experience to unify both, if possible. > Store user's password in hash form by default > --------------------------------------------- > > Key: ARTEMIS-786 > URL: https://issues.apache.org/jira/browse/ARTEMIS-786 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Broker > Affects Versions: 1.4.0 > Reporter: Howard Gao > Assignee: Howard Gao > Fix For: 1.5.0 > > > Artemis use plaintext to store user's password. To enhance security it should > be using hash value instead. -- This message was sent by Atlassian JIRA (v6.3.4#6332)