Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.0
    • Fix Version/s: future release
    • Component/s: security
    • Labels:
      None

      Description

      Best practices and common enterprise security policies dictate that we not store any passwords in clear text on the filesystem. There are a number of places where passwords are required in configuration, annotations and possibly even application code.
      Password aliasing or indirection is a mechanism for storing and referencing a moniker or token instead of an actual clear text password. Resolving the token into an actual password for use at runtime is protected and only available to trusted code.
      In order to support this in a portable way, Java EE 7 is standardizing a number of aspects of the solution. At the same time, the standard will not dictate the runtime implementation details for this support.

      See http://java.net/downloads/javaee-spec/password-aliasing-ee7-proposal.pdf

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            JeffTancill
            Reporter:
            JeffTancill
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:

              Time Tracking

              Estimated:
              6 weeks
              Remaining:
              6 weeks
              Logged:
              Not Specified