On Sat, 20 Jan 2001, Bordet, Simone wrote:
> a) replace User and Password attributes values with the user name and
> password used to connect to your mail server (Security guys: I did not find
> a clean solution for the password being stored in clear here. Any hint?)

I think we need to write a KeyManager MBean for JBoss that we initialize
when JBoss is first started with the needed private keys and that has the
methods for encrypting and decrypting data, and storing new keys. Mail
passwords require this, also JMS user/passwords will need it, probably
some other places as well.

For starters we can use java.security classes, you can find a rather basic
keystore there, and use the keyfactories to generate the keys (see
java.security.spec for different key specs for factory). For stronger
encryption we should move to JCE though that has several nice features
(more secure keystores, cipher input/output streams, wrap and unwrap for
sync key exchange, etc.).

-- Juha
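
The KeyManager idea proposed above, as an added example that is not part of the original message and not JBoss code: keys live in a keystore, and stored passwords are encrypted and decrypted through the manager. The class, method and alias names, the PKCS12 keystore type and AES-GCM (Java 8+) are assumptions, and the keystore password is assumed to be supplied at server startup.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Hypothetical sketch: class, method and alias names are assumptions, not JBoss code.
public class KeyManager {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final KeyStore store;
    private final char[] pass;
    private final SecureRandom rng = new SecureRandom();

    public KeyManager(char[] pass) throws Exception {
        this.pass = pass;
        store = KeyStore.getInstance("PKCS12");
        store.load(null, pass); // empty in-memory store; a deployment would load a protected file
    }

    // Generate a fresh AES key and store it under the given alias.
    public void storeNewKey(String alias) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        store.setEntry(alias, new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(pass));
    }

    // Output is Base64(IV || ciphertext || GCM tag); a new random IV is used for every call.
    public String encrypt(String alias, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, store.getKey(alias, pass), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Throws AEADBadTagException if the stored value was modified or the wrong key is used.
    public String decrypt(String alias, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, store.getKey(alias, pass), new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        KeyManager km = new KeyManager("constructed-store-pass".toCharArray()); // constructed sample values
        km.storeNewKey("mail");
        String stored = km.encrypt("mail", "constructed-mail-password");
        System.out.println(stored + " -> " + km.decrypt("mail", stored));
    }
}
```

The configuration file would then hold only the Base64 value returned by `encrypt`; the clear-text password exists only in memory after `decrypt`.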


