[jira] Closed: (GERONIMO-411) Add Hash Password Rewrite to File Realm

2007-10-27 Thread Donald Woods (JIRA) 

 [ 
https://issues.apache.org/jira/browse/GERONIMO-411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Donald Woods closed GERONIMO-411.
-

   Resolution: Fixed
Fix Version/s: (was: 2.0.x)
   2.0.2

Resolved by GERONIMO-2925

 Add Hash Password Rewrite to File Realm
 ---

 Key: GERONIMO-411
 URL: https://issues.apache.org/jira/browse/GERONIMO-411
 Project: Geronimo
  Issue Type: Improvement
  Components: security
Affects Versions: 1.0-M2, 1.2
Reporter: Aaron Mulder
Assignee: Donald Woods
Priority: Minor
 Fix For: 2.1, 2.0.2

 Attachments: properties-realm.patch


 It would be nice if the properties file realm could rewrite your properties 
 file with hashed passwords when it reads it.  We would need to be able to 
 recognize hashed vs. unhashed entries and perhaps even different algorithms.  
 Perhaps it could go like this:
 user1=plaintext
 user2=MD5{...}
 user3=SHA1{...}
 Anyway, the idea is that this could be a reasonably secure alternative, but 
 you still wouldn't need to manually hash things to add or update entries -- 
 just put a plain text entry in and the next time the server reads the file it 
 would hash it for you.
 I guess we'd need to synchronize on the hash operation to avoid threading 
 problems if multiple apps or whatever use the same properties file, but it 
 shouldn't be bad if we only rewrite the file if we find any plain text 
 entries.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (GERONIMO-411) Add Hash Password Rewrite to File Realm

2007-08-14 Thread Donald Woods (JIRA) 

 [ 
https://issues.apache.org/jira/browse/GERONIMO-411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Donald Woods closed GERONIMO-411.
-

   Resolution: Duplicate
Fix Version/s: (was: 2.0.x)

Already solved by GERONIMO-1880

 Add Hash Password Rewrite to File Realm
 ---

 Key: GERONIMO-411
 URL: https://issues.apache.org/jira/browse/GERONIMO-411
 Project: Geronimo
  Issue Type: Improvement
  Components: security
Affects Versions: 1.0-M2, 1.2
Reporter: Aaron Mulder
Assignee: Donald Woods
Priority: Minor
 Attachments: properties-realm.patch


 It would be nice if the properties file realm could rewrite your properties 
 file with hashed passwords when it reads it.  We would need to be able to 
 recognize hashed vs. unhashed entries and perhaps even different algorithms.  
 Perhaps it could go like this:
 user1=plaintext
 user2=MD5{...}
 user3=SHA1{...}
 Anyway, the idea is that this could be a reasonably secure alternative, but 
 you still wouldn't need to manually hash things to add or update entries -- 
 just put a plain text entry in and the next time the server reads the file it 
 would hash it for you.
 I guess we'd need to synchronize on the hash operation to avoid threading 
 problems if multiple apps or whatever use the same properties file, but it 
 shouldn't be bad if we only rewrite the file if we find any plain text 
 entries.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.