GeoServer : GSIP 63 - Encrypt Plaintext Passwords
This page last changed on Feb 04, 2012 by jdeolive.
Support digest and encrypted passwords for users and datastore credentials.
TBD. 2.1.x or later.
Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred
User and datastore passwords are currently stored in plaintext. This is an obvious security hazard.
There are two basic components of this proposal:
Additional features include:
Given default behavior is disabled (unit tests all work with enabled), the unit tests that touch the security layer should all be run in both modes - disabled and enabled. Support for this is in the current patch, but I don't like the way it is implemented. Any other good approaches to achieving this?
This section should contain feedback provided by PSC members who may have a problem with the proposal.
No backwards compatibility issues as the functionality is disabled by default. Once enabled, the digestion of passwords is not reversible. Encrypted datastore passwords are recoverable, but no support is provided to assist the end user in recovery (by design).
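The difference between the two storage modes, as an added example that is not part of the proposal or of GeoServer's code: a digested user password can only be checked against a login attempt, while an encrypted datastore password can be recovered by whoever holds the key. PBKDF2, AES-GCM, the passphrase-derived key and all class and method names are assumptions; the proposal names no algorithms.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class PasswordStorageDemo {
    static final SecureRandom RNG = new SecureRandom();

    // Salted, iterated one-way function (PBKDF2 is an assumed choice, not the proposal's).
    static byte[] pbkdf2(char[] secret, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // User password: the stored digest is never reversed, only recomputed and compared.
    static boolean verifyUser(char[] attempt, byte[] salt, byte[] storedDigest) throws Exception {
        return MessageDigest.isEqual(pbkdf2(attempt, salt), storedDigest);
    }

    // Datastore password: reversible AES-GCM, stored as iv || ciphertext+tag.
    static byte[] encrypt(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh IV for every encryption under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Recovery needs the key; a wrong key or modified blob fails the GCM tag check and throws.
    static String decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16], keySalt = new byte[16];
        RNG.nextBytes(salt); RNG.nextBytes(keySalt);
        byte[] digest = pbkdf2("user-pw".toCharArray(), salt); // constructed sample values below
        System.out.println("login ok:  " + verifyUser("user-pw".toCharArray(), salt, digest));
        System.out.println("login bad: " + verifyUser("guess".toCharArray(), salt, digest));
        SecretKey key = new SecretKeySpec(pbkdf2("master-passphrase".toCharArray(), keySalt), "AES");
        System.out.println("recovered: " + decrypt(key, encrypt(key, "db-pw")));
    }
}
```

The encrypted form is only as safe as the key: anyone who can read both the key material and the stored blob can recover the datastore password, which is not true of the digest.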
Document generated by Confluence on May 14, 2014 23:00