Hi,
some questions and some concern to share with all of you about
UpadteMifosPassword class.
1. There are reasons having not used existing encrypting function,
instead of implement an encryption inside this class?
2. I think that the task of UpdateMifosPassowrd , that means using a
digested password, I more a configuration task than a build task.
3. I would like to have the opportunity to choose if I want the mifos
user password digested. I think that on my machine is not necessary. It
is like having the option: Security enabled or disabled.
4. Putting the UpdatePassword inside the application is not a good idea
for security reason. I rather to have as ant task not launched
automatically at build time
5. The mifos password remains in clear inside the build.xml file. This
vanishes the effort to encrypt it.
6. An ant task should be added to remove the password in clear from
build.xml
7. In the hibernate.properties file the user and pwd to access the
database as root are in clear , so vanishing all the effort to digest
the password and leave an hole in the security
Best Regards
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
