[Geoserver-devel] [jira] (GEOS-5256) Use admin password as master password during migration

Christian Mueller created ImprovementGEOS-5256
Use admin password as master password during migration

Issue Type:

ImprovementImprovement

Affects Versions:

2.2-RC2, 2.2-beta2

Assignee:

Christian Mueller

Components:

Security

Created:

07/Aug/12 8:34 AM

Description:

Geoserver 2.2.x introduces a new administrative user called “root”. The default password is “geoserver”. This opens a security leak in secured production environments.

Solution: During migration of the security directory, the logic figures out the password of the “admin” user and uses this password instead.

Can somebody review:

https://github.com/mcrmcr/geoserver-1/commit/e1d2bac9685a2581736ca2d9befe13553d647754

Fix Versions:

2.3-beta1, 2.2-RC3

Project:

GeoServer

Priority:

BlockerBlocker

Reporter:

Christian Mueller

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your [JIRA administrators](https://jira.codehaus.org/secure/ContactAdministrators!default.jspa). For more information on JIRA, see: [http://www.atlassian.com/software/jira](http://www.atlassian.com/software/jira)