This page last changed on Feb 04, 2012 by jdeolive.


Support digest and encrypted passwords for users and datastore credentials.

This proposal has been superseded by GSIP 71 - New Security Subsystem.

Proposed By

Ian Schneider

Assigned to Release

TDB. 2.1.x or later.


Choose one of: Under Discussion, In Progress, Completed, Rejected, Deferred


User and datastore passwords are currently stored in plaintext. This is an obvious security hazard.


There are two basic components of this proposal:

  1. Support digest storage of user passwords. This implies non-recoverable passwords for users but provides higher security than recoverable passwords.
  2. Support encrypted passwords for datastore credentials. These passwords must be decryptable to allow plaintext transmission to authentication systems. A master password is used to encrypt these.

Additional features include:

  1. Opt-in only. To enabled the system, a configuration property must be set.
  2. Configurable digest and encryption algorithms and JCE security provider.
  3. Default provider and SPI for custom provider.
  4. JMX bean supports changing master password.
  5. User docs!

Other Notes:


Given default behavior is disabled (unit tests all work with enabled), the unit tests that touch the security layer should all be run in both modes - disabled and enabled. Support for this is in the current patch, but I don't like the way it is implemented. Any other good approaches to acheiving this?


This section should contain feedback provided by PSC members who may have a problem with the proposal.

Backwards Compatibility

No backwards compatibility issues as the functionality is disabled by default. One enabled, the digestion of passwords is not reversable. Encypted datastore passwords are recoverable, but no support is provided to assist the end user in recovery (by design).


Andrea Aime: +1
Alessio Fabiani:
Ben Caradoc-Davies: +1
Gabriel Roldán:
Justin Deoliveira: +1
Jody Garnett: +1
Mark Leslie: +1
Simone Giannecchini:


[Wiki Page|]

Document generated by Confluence on May 14, 2014 23:00