On Mon, Aug 19, 2013 at 10:34 AM, Ralph Goers <[email protected]> wrote:
> I'm not sure how this applies to what you are suggesting, but we should
> avoid passwords being in clear text in the configuration. I would suggest
> using a standard plugin interface similar to what I did with the secret key
> provider in the Flume Appender.
>

We should at the least offer something like
http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords

Gary

>
> Ralph
>
> On Aug 19, 2013, at 7:29 AM, Gary Gregory <[email protected]> wrote:
>
> On Mon, Aug 19, 2013 at 10:25 AM, Paul Benedict <[email protected]> wrote:
>
>> Do you need the password ever after authentication?
>>
>
> I guess it depends on whether the code handles re-auth in case of a
> disconnect.
>
> Gary
>
>>
>> On Mon, Aug 19, 2013 at 8:55 AM, Gary Gregory <[email protected]> wrote:
>>
>>> On Mon, Aug 19, 2013 at 7:27 AM, Ralph Goers <[email protected]> wrote:
>>>
>>>> What passwords?
>>>>
>>>
>>> For example:
>>>
>>> - org.apache.logging.log4j.core.net.SMTPManager.FactoryData.password
>>> - org.apache.logging.log4j.core.net.JMSTopicManager.password
>>> - org.apache.logging.log4j.core.net.JMSQueueManager.FactoryData.password
>>>
>>> Gary
>>>
>>>>
>>>> Ralph
>>>>
>>>> On Aug 19, 2013, at 4:22 AM, Gary Gregory <[email protected]> wrote:
>>>>
>>>> I've seen it done many places: Should we track passwords internally as
>>>> char[] instead of String for ivars.
>>>>
>>>> This prevents Log4j spilling your secrets by accident in a toString to
>>>> internal log call.
>>>>
>>>> Gary
>>>>
>>>> --
>>>> E-Mail: [email protected] | [email protected]
>>>> Java Persistence with Hibernate, Second Edition <http://www.manning.com/bauer3/>
>>>> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
>>>> Spring Batch in Action <http://www.manning.com/templier/>
>>>> Blog: http://garygregory.wordpress.com
>>>> Home: http://garygregory.com/
>>>> Tweet! http://twitter.com/GaryGregory
>>
>> --
>> Cheers,
>> Paul
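
An added example, not part of the thread and not Log4j's own code, of the char[]-versus-String point raised above: a String password field leaks through a field-dumping toString(), while a char[] field can be redacted and wiped once no re-authentication is needed. The class names, host and sample secret are hypothetical.

```java
import java.util.Arrays;

public class PasswordFieldDemo {

    // Before: String field; a toString() that dumps every field leaks the secret.
    static final class StringFactoryData {
        final String host, username, password;
        StringFactoryData(String host, String username, String password) {
            this.host = host; this.username = username; this.password = password;
        }
        @Override public String toString() {
            return "FactoryData[host=" + host + ", username=" + username
                    + ", password=" + password + "]";
        }
    }

    // After: char[] field, copied on the way in, redacted in toString(), wipeable.
    static final class CharArrayFactoryData {
        private final String host, username;
        private final char[] password;
        CharArrayFactoryData(String host, String username, char[] password) {
            this.host = host; this.username = username;
            this.password = password.clone(); // own copy; the caller wipes theirs
        }
        char[] password() { return password.clone(); } // caller wipes the returned copy
        void clear() { Arrays.fill(password, '\0'); }  // call once no re-auth is needed
        boolean isCleared() {
            for (char c : password) if (c != '\0') return false;
            return true;
        }
        @Override public String toString() {
            return "FactoryData[host=" + host + ", username=" + username + ", password=****]";
        }
    }

    public static void main(String[] args) {
        char[] secret = {'s', '3', 'c', 'r', 'e', 't'}; // constructed sample value
        StringFactoryData before =
                new StringFactoryData("mail.example.org", "logger", new String(secret));
        CharArrayFactoryData after =
                new CharArrayFactoryData("mail.example.org", "logger", secret);
        Arrays.fill(secret, '\0');  // the caller's copy is no longer needed
        System.out.println(before); // an internal log call like this exposes the password
        System.out.println(after);  // the same call on the char[] variant is redacted
        after.clear();              // after authentication, if no reconnect is planned
        System.out.println("cleared=" + after.isCleared());
    }
}
```

If the manager has to re-authenticate after a disconnect, clear() must be deferred until the connection is closed for good, which is the trade-off raised in the thread.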
