Passwords stored in plain text
------------------------------
Key: GEOS-4702
URL: https://jira.codehaus.org/browse/GEOS-4702
Project: GeoServer
Issue Type: Improvement
Components: Configuration
Affects Versions: 2.1.1
Reporter: Ian Schneider
Assignee: Justin Deoliveira
Attachments: encrypt-passwords.patch

User passwords and StoreInfo passwords are currently stored in plain text.
The attached patch addresses this issue by adopting digest passwords for Spring Security (for users) and using bi-directional encryption for store passwords. Support is provided for:
+ automatic upgrades
+ default PBE key
+ custom PBE key via standard configuration mechanisms (environment, system property, servlet param)
Some of the patch may be superfluous (after late changes) - support for security-related test cases - though these were not terribly disruptive.
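
An added illustration of the store-password approach the issue describes, not code from the attached patch or from GeoServer: reversible password-based encryption with the key taken from a system property, then the environment, then a default, plus a one-time upgrade of plain-text values. The setting name `EXAMPLE_PBE_KEY`, the `enc:` marker, the default key and the PBKDF2 + AES-GCM construction are assumptions made for the example, and the servlet-parameter source is left out.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class StorePasswordCodec {
    static final String KEY_NAME = "EXAMPLE_PBE_KEY"; // hypothetical setting name
    static final String DEFAULT_KEY = "changeit";     // constructed; a shipped default only obfuscates
    static final String PREFIX = "enc:";              // hypothetical marker for encrypted values

    // Lookup order: system property, then environment variable, then the default key.
    static char[] resolveKey() {
        String k = System.getProperty(KEY_NAME, System.getenv(KEY_NAME));
        return (k != null ? k : DEFAULT_KEY).toCharArray();
    }

    // hdr = 16-byte PBKDF2 salt followed by a 12-byte GCM nonce, both random per value.
    static Cipher cipher(int mode, char[] key, byte[] hdr) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(key, Arrays.copyOfRange(hdr, 0, 16), 100_000, 128);
        byte[] aes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(aes, "AES"), new GCMParameterSpec(128, hdr, 16, 12));
        return c;
    }

    static String encrypt(String plain, char[] key) throws Exception {
        byte[] hdr = new byte[28];
        new SecureRandom().nextBytes(hdr);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, key, hdr).doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = java.nio.ByteBuffer.allocate(28 + ct.length).put(hdr).put(ct).array();
        return PREFIX + Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String stored, char[] key) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
        byte[] pt = cipher(Cipher.DECRYPT_MODE, key, in).doFinal(in, 28, in.length - 28);
        return new String(pt, StandardCharsets.UTF_8);
    }

    // Upgrade step: a value without the marker is legacy plain text and is encrypted once.
    static String upgrade(String stored, char[] key) throws Exception {
        return stored.startsWith(PREFIX) ? stored : encrypt(stored, key);
    }
    public static void main(String[] args) throws Exception {
        String upgraded = upgrade("s3cret-db-pass", resolveKey()); // constructed legacy value
        System.out.println(upgraded + " -> " + decrypt(upgraded, resolveKey()));
    }
}
```

Values protected only by the default key can be decrypted by anyone who has the configuration files and the software, so the encryption adds real protection only once a custom key is supplied from outside the stored configuration. Decrypting with a different key than the one used to encrypt fails the GCM tag check and throws instead of returning garbage.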