[Geoserver-devel] [jira] Created: (GEOS-4702) Passwords stored in plain text

Passwords stored in plain text
------------------------------

                 Key: GEOS-4702
                 URL: https://jira.codehaus.org/browse/GEOS-4702
             Project: GeoServer
          Issue Type: Improvement
          Components: Configuration
    Affects Versions: 2.1.1
            Reporter: Ian Schneider
            Assignee: Justin Deoliveira
         Attachments: encrypt-passwords.patch

User passwords and StoreInfo passwords are currently stored in plain text.

The attached patch addresses this issue by adopting digest passwords for Spring Security (for users) and using bi-directional encryption for store passwords. Support is provided for:

+ automatic upgrades
+ default PBE key
+ custom PBE key via standard configuration mechanisms (environment, system property, servlet param)

Some of the patch may be superfluous (after late changes) - support for security-related test cases - though these were not terribly disruptive.

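The following sketch is an added example, not code from the attached patch or from GeoServer. It illustrates the store-password half of the description: reversible PBE encryption, a key taken from a system property or environment variable with a default fallback, and upgrade of a legacy plain-text value. The class name, the `crypt1:` marker, the `EXAMPLE_STORE_PBE_KEY` name and the default key are assumptions, and the servlet-parameter key source is left out so the example runs stand-alone.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class StorePasswordCodec {
    static final String PREFIX = "crypt1:";                  // hypothetical marker for encrypted values
    static final String KEY_NAME = "EXAMPLE_STORE_PBE_KEY";  // hypothetical property/variable name
    static final String ALGO = "PBEWithHmacSHA256AndAES_128"; // JDK built-in PBE (AES-CBC, unauthenticated)

    // Custom key from system property, then environment; otherwise the default key.
    static char[] resolveKey() {
        String k = System.getProperty(KEY_NAME);
        if (k == null) k = System.getenv(KEY_NAME);
        return (k != null ? k : "constructed-default-key").toCharArray();
    }

    static Cipher cipher(int mode, char[] key, byte[] saltIv) throws Exception {
        SecretKey sk = SecretKeyFactory.getInstance(ALGO).generateSecret(new PBEKeySpec(key));
        IvParameterSpec iv = new IvParameterSpec(saltIv, 16, 16);
        Cipher c = Cipher.getInstance(ALGO);
        c.init(mode, sk, new PBEParameterSpec(Arrays.copyOf(saltIv, 16), 10000, iv));
        return c;
    }

    static String encrypt(String plain, char[] key) throws Exception {
        byte[] saltIv = new byte[32];                        // 16-byte salt + 16-byte IV, fresh per value
        new SecureRandom().nextBytes(saltIv);
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, key, saltIv).doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(saltIv, 32 + ct.length);
        System.arraycopy(ct, 0, out, 32, ct.length);
        return PREFIX + Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String stored, char[] key) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
        byte[] pt = cipher(Cipher.DECRYPT_MODE, key, in).doFinal(in, 32, in.length - 32);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] key = resolveKey();
        String legacy = "constructed-db-secret";             // constructed plain-text value from an old config
        // Automatic upgrade: a value without the marker is legacy plain text and gets encrypted on save.
        String onDisk = legacy.startsWith(PREFIX) ? legacy : encrypt(legacy, key);
        System.out.println(onDisk.startsWith(PREFIX) && decrypt(onDisk, key).equals(legacy));
    }
}
```

With the default key, anyone who has the software can decrypt the stored values, so it only prevents casual disclosure from a copied configuration file; a custom key kept outside the configuration directory is what gives real protection.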