[ https://issues.apache.org/jira/browse/ARTEMIS-3573?focusedWorklogId=722195&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-722195 ]

ASF GitHub Bot logged work on ARTEMIS-3573:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 07/Feb/22 19:12
            Start Date: 07/Feb/22 19:12
    Worklog Time Spent: 10m 
      Work Description: jbertram commented on pull request #3851:
URL: https://github.com/apache/activemq-artemis/pull/3851#issuecomment-1031821305


   @gemmellr, thanks for the clarification.
   
   @brusdev, I agree with @gemmellr here. I think we should keep `char[]`. 
   
   For what it's worth, the reason `char[]` is used for the password in many
   places is because it is arguably more secure than `String` mainly because
   `String` is immutable and may stay on the heap for a long time whereas
   `char[]` can be sanitized after use which means it is not vulnerable to heap
   inspection. The broker itself should probably do a better job of using
   `char[]` for passwords in _more_ places, not fewer.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 722195)
    Time Spent: 5h 40m  (was: 5.5h)

> Support PropertiesLoginModule custom password codecs
> ----------------------------------------------------
>
>                 Key: ARTEMIS-3573
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3573
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Domenico Francesco Bruscino
>            Assignee: Domenico Francesco Bruscino
>            Priority: Major
>          Time Spent: 5h 40m
>  Remaining Estimate: 0h
>
> The `PropertiesLoginModule` login module supports only the 
> `DefaultSensitiveStringCodec` codec to verify the user passwords.
> Add a property to set a custom password codec, i.e. 
> org.apache.activemq.jaas.properties.password.codec="org.apache.activemq.artemis.tests.integration.security.MD5SensitiveDataCodec"



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
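
The `char[]` handling described in the comment above, as an added example that is not Artemis code and not part of the original message. It uses the standard JAAS `PasswordCallback`; the class name, the helper methods, the sample credential and the unsalted SHA-256 digest standing in for a password codec are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.security.auth.callback.PasswordCallback;

// Added illustration; the class and method names are hypothetical, not Artemis code.
public class CharArrayPasswordDemo {

    // Encode without building a String, then wipe the encoder's backing array (best effort).
    static byte[] toUtf8(char[] chars) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        int start = buf.arrayOffset() + buf.position();
        byte[] out = Arrays.copyOfRange(buf.array(), start, start + buf.remaining());
        Arrays.fill(buf.array(), (byte) 0);
        return out;
    }

    // Unsalted SHA-256 is only a stand-in for whatever codec the login module is configured with.
    static boolean verify(PasswordCallback cb, byte[] expectedDigest) throws Exception {
        char[] supplied = cb.getPassword(); // a copy of the callback's internal buffer
        cb.clearPassword();                 // overwrite the callback's own copy
        if (supplied == null) return false;
        byte[] utf8 = toUtf8(supplied);
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(utf8);
            return MessageDigest.isEqual(digest, expectedDigest); // constant-time comparison
        } finally {
            Arrays.fill(supplied, '\0');    // wipe our copies once the check is done
            Arrays.fill(utf8, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'}; // constructed sample credential
        byte[] typedUtf8 = toUtf8(typed);
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(typedUtf8);
        Arrays.fill(typedUtf8, (byte) 0);

        PasswordCallback cb = new PasswordCallback("Password: ", false);
        cb.setPassword(typed);     // the callback stores its own clone
        Arrays.fill(typed, '\0');  // so the caller's array can be wiped immediately

        System.out.println("authenticated = " + verify(cb, expected));
        System.out.println("callback buffer after clearPassword = " + Arrays.toString(cb.getPassword()));
    }
}
```

Converting the password to a `String` at any point in this path (for example with `new String(supplied)`) would leave an immutable copy that none of the `Arrays.fill` calls can reach.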
