[javaee-spec users] [jsr342-experts] Re: Improved Credential and SSL Configuration for EE 7

  • From: Florent BENOIT <Florent.Benoit@...>
  • To: jsr342-experts@...
  • Subject: [javaee-spec users] [jsr342-experts] Re: Improved Credential and SSL Configuration for EE 7
  • Date: Fri, 09 Mar 2012 10:20:50 +0100
  • List-id: <jsr342-experts.javaee-spec.java.net>

Agreed also. This shouldn't be in deployments.

Florent

On 03/09/2012 10:11 AM, Markus Eisele wrote:
Again, totally agree. This is nothing I would like to see in deployments.

-M

On 9 March 2012 07:42, Jason T. Greene <jason.greene@...> wrote:
On 3/8/12 6:09 PM, Bill Shannon wrote:
I've uploaded another proposal from our security team. Please review
and give us your feedback.


http://java.net/projects/javaee-spec/downloads/download/credential-ssl-config-ee7-proposal.pdf

Frankly the whole idea of sticking private keys and password databases in
deployments seems like a major hazard. Developers are used to copying these
around everywhere. I could easily see someone forgetting they have sensitive
information in here. People also tend to use short and bad passwords in
keystores which makes bruteforcing a PKCS12 file not that difficult.

--
Jason T. Greene
JBoss AS Lead / EAP Platform Architect
JBoss, a division of Red Hat
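
The concern raised in this thread, key material riding along unnoticed inside a deployment, can be checked for before an archive ships. The following is an added example, not part of the original messages or the proposal: a scanner for WAR/EAR/JAR files that flags JKS/JCEKS keystores, PKCS#12 files and PEM private keys, including inside nested archives. The helper names and the sample archive contents are constructed for illustration.

```python
import io
import re
import zipfile

# Leading bytes of the Java keystore formats (not an exhaustive list).
MAGIC = {b"\xfe\xed\xfe\xed": "JKS keystore", b"\xce\xce\xce\xce": "JCEKS keystore"}
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
NESTED = (".war", ".ear", ".jar", ".rar")

def classify(name, data):
    """Label an archive entry that looks like key material, else return None."""
    if PEM_KEY.search(data):
        return "PEM private key"
    # PKCS#12 is DER and starts with an ASN.1 SEQUENCE tag (0x30); that byte
    # alone is a weak signal, so the file extension is required as well.
    if name.lower().endswith((".p12", ".pfx")) and data[:1] == b"\x30":
        return "PKCS#12 keystore"
    return MAGIC.get(data[:4])

def scan_archive(blob, prefix=""):
    """Return (path, label) pairs for key material, descending into nested archives."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data, path = zf.read(info), prefix + info.filename
            label = classify(info.filename, data)
            if label:
                findings.append((path, label))
            elif path.lower().endswith(NESTED) and zipfile.is_zipfile(io.BytesIO(data)):
                findings.extend(scan_archive(data, path + "!/"))
    return findings

def make_zip(entries):
    """Build an in-memory zip from {name: bytes}; used only for the sample below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample: an EAR wrapping a WAR, with placeholder (non-functional) key files.
SAMPLE_WAR = make_zip({"WEB-INF/web.xml": b"<web-app/>",
                       "WEB-INF/classes/server.jks": b"\xfe\xed\xfe\xed\x00\x00\x00\x02",
                       "WEB-INF/classes/client.p12": b"\x30\x82\x01\x00"})
SAMPLE_EAR = make_zip({"META-INF/application.xml": b"<application/>", "app.war": SAMPLE_WAR,
                       "META-INF/tls.pem": b"-----BEGIN PRIVATE KEY-----\n(constructed)\n"})

if __name__ == "__main__":
    for path, label in scan_archive(SAMPLE_EAR):
        print(f"{label}: {path}")
```

Entries are read fully into memory, so a build-pipeline version should cap the uncompressed size per entry before calling `zf.read`.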


